Thread: [SQLObject] security related question
SQLObject is a Python ORM.
Brought to you by: ianbicking, phd
From: Ivan H. <i.h...@al...> - 2006-03-30 19:12:46

Dear sqlobject-discuss,

during my test i had a connection problem, and i received the
following text:

could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "172.16.144.43" and accepting
TCP/IP connections on port 5432?
; used connection string 'dbname=PMS user=USERNAME password=PWDXXX host=172.16.144.43'

is it normal, secure that the system gives you back the username,
and the password???

anyway which component prints this out?

-- 
Best regards,
Ivan Horvath
Chief Programmer

Anyone who has never made a mistake has never tried anything new.
/Albert Einstein/

From: Oleg B. <ph...@ma...> - 2006-03-30 19:26:03

On Thu, Mar 30, 2006 at 09:10:43PM +0200, Ivan Horvath wrote:
> during my test i had a connection problem, and i received the
> following text:
>
> could not connect to server: Connection timed out (0x0000274C/10060)
> Is the server running on host "172.16.144.43" and accepting
> TCP/IP connections on port 5432?
> ; used connection string 'dbname=PMS user=USERNAME password=PWDXXX host=172.16.144.43'
>
> is it normal, secure that the system gives you back the username,
> and the password???
>
> anyway which component prints this out?

psycopg - a DB API driver SQLObject uses to connect to a Postgres server
- raised an exception and python interpreter printed the exception.

Oleg.
-- 
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without RETURN.

From: Ivan H. <i.h...@al...> - 2006-03-30 19:42:08

Dear Oleg,

i see

and how can be solved this problem?
because if i'm right this is a kind of grey box (psycopg). at
least in my windows environment (i have a pyd, and a dll files in
the DLLs folder). this is out of sqlobject, isn't it?

to be honest i don't want to show to the user the username nor even
the password

Thursday, March 30, 2006, 9:25:47 PM, you wrote:

OB> On Thu, Mar 30, 2006 at 09:10:43PM +0200, Ivan Horvath wrote:
>> during my test i had a connection problem, and i received the
>> following text:
>>
>> could not connect to server: Connection timed out (0x0000274C/10060)
>> Is the server running on host "172.16.144.43" and accepting
>> TCP/IP connections on port 5432?
>> ; used connection string 'dbname=PMS user=USERNAME
>> password=PWDXXX host=172.16.144.43'
>>
>> is it normal, secure that the system gives you back the username,
>> and the password???
>>
>> anyway which component prints this out?

OB> psycopg - a DB API driver SQLObject uses to connect to a Postgres server
OB> - raised an exception and python interpreter printed the exception.

OB> Oleg.

-- 
Best regards,
Ivan Horvath
Chief Programmer
Alcatel ISD PMS 2000 Product Team
H-1116, Budapest Kondorfa u. 10.
Tel.: +36 1 209 9546
Fax.: +36 1 209 9599
Mobil: +36 30 257 0235
VOIP: +49 511 676 478010
mailto:i.h...@al...

Anyone who has never made a mistake has never tried anything new.
/Albert Einstein/

From: Oleg B. <ph...@ma...> - 2006-03-30 20:12:08

On Thu, Mar 30, 2006 at 09:40:05PM +0200, Ivan Horvath wrote:
> and how can be solved this problem?

Wrap every call to SQLObject methods that access the database with
try/except and log the exception but do not show it to users.
I see a way to do it once for the entire program using metaclasses but
it's too complex to explain in a short email. (At least I think I see a
way, but I may be wrong...)

Oleg.
-- 
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without RETURN.

From: Jorge G. <go...@ie...> - 2006-03-30 20:51:29

Oleg Broytmann <ph...@ma...> writes:

> I see a way to do it once for the entire program using metaclasses but
> it's too complex to explain in a short email. (At least I think I see a
> way, but I may be wrong...)

Using a decorator might also be an interesting idea. It can wrap the function
in the try/except and handle the exception somehow.

-- 
Jorge Godoy <go...@ie...>

"Quidquid latine dictum sit, altum sonatur."
- Qualquer coisa dita em latim soa profundo.
- Anything said in Latin sounds smart.

From: Oleg B. <ph...@ma...> - 2006-03-30 21:42:39

On Thu, Mar 30, 2006 at 05:48:53PM -0300, Jorge Godoy wrote:
> Oleg Broytmann <ph...@ma...> writes:
> > I see a way to do it once for the entire program using metaclasses but
> > it's too complex to explain in a short email. (At least I think I see a
> > way, but I may be wrong...)
>
> Using a decorator might also be an interesting idea. It can wrap the function
> in the try/except and handle the exception somehow.

But you have to decorate a lot of methods manually, where a metaclass
can automate the process.

Oleg.
-- 
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without RETURN.

From: Jorge G. <go...@ie...> - 2006-03-30 20:15:12

Ivan Horvath <i.h...@al...> writes:

> and how can be solved this problem?

I'd try capturing the exception. If it is captured then the program doesn't
terminate and you can change the error message.

> because if i'm right this is a kind of grey box (psycopg). at
> least in my windows environment (i have a pyd, and a dll files in
> the DLLs folder). this is out of sqlobject, isn't it?

Yes. psycopg is another software.

> to be honest i don't want to show to the user the username nor even
> the password

So capture the exception...

-- 
Jorge Godoy <go...@ie...>

"Quidquid latine dictum sit, altum sonatur."
- Qualquer coisa dita em latim soa profundo.
- Anything said in Latin sounds smart.
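
Added example, not part of the original thread and not SQLObject or psycopg code: the try/except wrapping suggested above, written once as a decorator and applied to every public method by a metaclass, with the password masked before the error is logged. The names Store, DatabaseUnavailable, hide_db_errors and HideDBErrors are hypothetical; the driver error is a constructed stand-in built from the message quoted in the thread, and a plain class is used instead of an SQLObject class.

```python
import functools
import logging
import re
import types

log = logging.getLogger("db")
# password=... in a libpq-style connection string; the value may be quoted.
PASSWORD_RE = re.compile(r"(password\s*=\s*)('[^']*'|[^\s']+)", re.IGNORECASE)


class DatabaseUnavailable(Exception):
    """Generic error that is safe to show to an end user."""


def redact(text):
    """Mask the password value before the message reaches a log file."""
    return PASSWORD_RE.sub(r"\1***", text)


def hide_db_errors(func):
    """Decorator: log the real (redacted) error, raise a generic one."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except Exception as exc:
            log.error("%s failed: %s", func.__name__, redact(str(exc)))
            # "from None" keeps the driver message out of the chained traceback.
            raise DatabaseUnavailable("The database is unavailable.") from None
    return wrapper


class HideDBErrors(type):
    """Metaclass: applies hide_db_errors to every public method of a class."""
    def __new__(mcls, name, bases, namespace):
        for attr, value in list(namespace.items()):
            if isinstance(value, types.FunctionType) and not attr.startswith("_"):
                namespace[attr] = hide_db_errors(value)
        return super().__new__(mcls, name, bases, namespace)


class Store(metaclass=HideDBErrors):  # hypothetical data-access class
    def load(self):
        # Constructed stand-in for the driver error quoted in the thread.
        raise RuntimeError(
            "could not connect to server: Connection timed out; used connection "
            "string 'dbname=PMS user=USERNAME password=PWDXXX host=172.16.144.43'")
```

The user-facing exception carries neither the username nor the password; the log entry keeps the host and username for troubleshooting, so the log file itself still needs restricted access.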