[SQLObject] SQLObject vs mod_python security issue
SQLObject is a Python ORM.
From: David M. <da...@re...> - 2004-02-28 02:15:11
Hi,

I've just noticed that SQLObject keeps some sort of process-global 'registry' of tables. This creates a security situation with mod_python.

At present, I'm using SQLObject within mod_python on my own server. No problem here, because I can either just:

1) create my tables once within my mod_python handler, or
2) create the tables upon each hit, trapping the resulting exceptions on the second/subsequent hits.

However, I'm looking to possibly move one or more sites to a shared vhost server. In this scenario, with SQLObject table classes sitting in a process-global registry, other users on the same server could get access to my tables, which is not completely ideal.

Is there any way to stop SQLObject from keeping this registry? Or, should I only host mod_python/SQLObject-using websites on hosts that have separate users running within separate Apache processes?

--
Kind regards
David

-- leave this line intact so your email gets through my junk mail filter
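Added example (not part of the original message, and not SQLObject's own code): a simplified model of the name-keyed, process-global class registry the message describes, next to a registry scoped to one handler. All names (`GLOBAL_REGISTRY`, `RegisteredMeta`, `make_scoped_base`, the tenant functions) and the DSN value are hypothetical.

```python
# Simplified model of a process-global class registry (NOT SQLObject's code).
GLOBAL_REGISTRY = {}  # one dict per interpreter, shared by every handler loaded into it


class RegisteredMeta(type):
    """Metaclass that records each concrete table class in a registry by name."""

    def __init__(cls, name, bases, ns):
        super().__init__(name, bases, ns)
        registry = getattr(cls, "_registry", None)
        if registry is not None and not ns.get("_abstract", False):
            if name in registry:
                # Models the exception seen when tables are re-created on each hit.
                raise ValueError(f"class {name} is already in the registry")
            registry[name] = cls


class GlobalTable(metaclass=RegisteredMeta):
    _registry = GLOBAL_REGISTRY
    _abstract = True


def make_scoped_base(registry):
    """Return a base class whose subclasses register only in `registry`."""
    return RegisteredMeta("ScopedTable", (), {"_registry": registry, "_abstract": True})


def tenant_a_handler(base):
    """Tenant A's handler: defines a table class bound to its own database."""
    class Customer(base):
        dsn = "postgres://tenant_a@db/tenant_a"  # constructed sample value
    return Customer


def tenant_b_lookup(name):
    """Other code in the same interpreter: it can only consult the global dict."""
    return GLOBAL_REGISTRY.get(name)


def demo():
    tenant_a_handler(GlobalTable)
    leaked = tenant_b_lookup("Customer")   # resolves tenant A's class
    GLOBAL_REGISTRY.clear()
    private = {}
    tenant_a_handler(make_scoped_base(private))
    hidden = tenant_b_lookup("Customer")   # None: never entered the global dict
    return leaked is not None, hidden is None, "Customer" in private
```

Scoping the registry only removes the name-based lookup; code running in the same Python interpreter can still reach the class objects by other means, so the separate-users, separate-Apache-processes option raised in the message is the actual isolation boundary.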