[mod_python] File Sessions security problem?

marinus van aswegen mvanaswegen at gmail.com
Wed Jun 21 10:23:07 EDT 2006


Hi

I have been playing with mod_python (ubuntu std, breezy build) and I
noticed that the sessions db is stored in the /tmp dir with
permissions that will permit any user to read the file. I'm not to
happy with this since I store some very sensitive info in the session
object.

It's easy to chmod it, but perhaps it would be better to create the
file with more restrictive permissions?

Marinus


More information about the Mod_python mailing list