Re: [SQLObject] SQLObject vs mod_python security issue
SQLObject is a Python ORM.
From: Ian B. <ia...@co...> - 2004-02-28 18:36:25
On Feb 27, 2004, at 8:04 PM, David McNab wrote:
> In this scenario, with SQLObject table classes sitting in a
> process-global registry, other users on the same server could get
> access to my tables, which is not completely ideal.

Like other people said, I don't think you can get safety with mod_python in this situation. And I don't think mod_python is much (if any) more common in vhosts than other Python environments.

> Is there any way to stop SQLObject from keeping this registry?

No, it's pretty essential -- the registry is how SQLObject finds other classes by name (for joins and foreign keys). But if you are just worried about name conflicts, not malicious access, you can define a separate registry for your application by adding a _registry class variable to your classes (a string which identifies your application).

--
Ian Bicking | ia...@co... | http://blog.ianbicking.org
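The distinction drawn in the message above, between name conflicts and malicious access, as an added example that is not part of the original post and is not SQLObject's code: a stand-alone model of a process-global class registry keyed by a registry string. `RegisteredMeta`, `Table`, `find_class` and `define_account` are hypothetical names; only the `_registry` class variable comes from the message.

```python
# Stand-alone model of a process-global class registry (assumption: this is
# an illustration of the idea, not how SQLObject implements it).
_REGISTRIES = {}  # registry name -> {class name -> class}; shared by the whole process


class RegisteredMeta(type):
    """Record each new table class under the registry named by `_registry`."""

    def __init__(cls, name, bases, ns):
        super().__init__(name, bases, ns)
        if ns.get("_abstract"):
            return  # the base class itself is not a table
        bucket = _REGISTRIES.setdefault(getattr(cls, "_registry", None), {})
        if name in bucket:
            raise ValueError(f"class {name!r} already defined in registry {cls._registry!r}")
        bucket[name] = cls


class Table(metaclass=RegisteredMeta):
    _abstract = True
    _registry = None  # default: every application shares one namespace


def find_class(name, registry=None):
    """Resolve a class by name, the way a join or foreign key would."""
    return _REGISTRIES[registry][name]


def define_account(registry):
    """Define a table class named Account for one application (constructed sample)."""
    return RegisteredMeta("Account", (Table,), {"_registry": registry})


def demo():
    app_a = define_account("app_a")
    app_b = define_account("app_b")  # same class name, separate registry: no conflict
    try:
        define_account("app_a")      # same name in the same registry: conflict
        collided = False
    except ValueError:
        collided = True
    # The registry string is only a namespace: any code in the process can pass it.
    visible = find_class("Account", registry="app_a") is app_a
    return collided, app_a is not app_b, visible
```

The last check in `demo()` is why a separate registry addresses name conflicts only: isolation between tenants has to come from the process boundary and database credentials.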