Re: [SQLObject] SQLObject vs mod_python security issue
SQLObject is a Python ORM.
From: Luke O. <lu...@me...> - 2004-02-28 08:41:08
> In this scenario, with SQLObject table classes sitting in a
> process-global registry, other users on the same server could get access
> to my tables, which is not completely ideal.

To agree with others posting on this issue, I don't see this as an SQLObject issue, but rather the basic inappropriateness of a shared mod_python hosting environment in general. Any environment in which you are sharing an instance of the python interpreter with untrusted parties is simply not going to be secure. A module-level registry makes this apparent, but getting rid of global stores does not change the openness of a python interpreter instance. The rexec/Bastion issues immediately spring to mind as an illustration.

- Luke
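Added example, not part of the original message and not SQLObject code: a self-contained check of the point made above, that removing a module-level registry does not isolate objects from other code in the same interpreter. The tenant module names, the `Table` class and the helper functions are hypothetical and constructed for illustration.

```python
import gc
import sys
import types

def load_tenant(name, source):
    """Load constructed 'tenant' code as its own module, as a shared host would."""
    mod = types.ModuleType(name)
    exec(source, mod.__dict__)
    sys.modules[name] = mod
    return mod

# Constructed tenant code. The first variant keeps its tables in a
# module-level registry; the second has no global store, only a closure.
TENANT_WITH_REGISTRY = """
class Table:
    def __init__(self, name):
        self.name = name
registry = {"accounts": Table("accounts")}
"""
TENANT_WITHOUT_REGISTRY = """
class Table:
    def __init__(self, name):
        self.name = name
def make_handler():
    table = Table("accounts")   # referenced only from this closure
    return lambda: table.name
handler = make_handler()
"""

def reachable_via_registry(tenant):
    """Table names any co-resident code can read from a module-level registry."""
    mod = sys.modules.get(tenant)
    return sorted(getattr(mod, "registry", {}))

def reachable_via_gc(tenant):
    """Table names still reachable with no registry: the interpreter tracks
    every live object, and any code running in it can enumerate them."""
    return sorted(
        obj.name for obj in gc.get_objects()
        if type(obj).__name__ == "Table" and type(obj).__module__ == tenant
    )

def demo():
    load_tenant("tenant_reg", TENANT_WITH_REGISTRY)
    load_tenant("tenant_priv", TENANT_WITHOUT_REGISTRY)
    return {
        "registry": reachable_via_registry("tenant_reg"),
        "no_registry_by_name": reachable_via_registry("tenant_priv"),
        "no_registry_by_gc": reachable_via_gc("tenant_priv"),
    }
```

The boundary that holds is the process: one interpreter process per tenant, under separate OS accounts, rather than any restructuring of objects inside a shared interpreter.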