Robin,
In support of the 'exploit' that you speak of - is there any reported issue, or bug report, or code that you can provide a reference to? This would help us understand if web2py is affected or not.

I suggest you take a look at the CVE database, to see if there have been reported vulnerabilities on software that you use: https://www.cvedetails.com/

For example, looking for 'uwsgi' issues: https://www.cvedetails.com/google-search-results.php?q=uwsgi&sa=Search

Whereas, the 'mod_wsgi' issues: https://www.cvedetails.com/google-search-results.php?q=mod_wsgi&sa=Search

________________________________________
Kiran Subbaraman
http://subbaraman.wordpress.com/about/

On Thu, 25-02-2016 1:03 PM, Robin Manoli wrote:
Hello!

I was recommended by #ubuntu-server on Freenode not to use wsgi. I wonder if you recommend this as well (which means not using web2py with apache)?

I'm wondering if there is a certain type of web2py code I can look for to prevent unauthorized access. In particular, how to prevent Apache from sending GET requests to other domains than the actual web2py web site being requested in the first place.

I'd really appreciate your help on this :)

- Robin
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
