[mod_python] security issues?

Erik Stephens mod_python at 24ksoftware.com
Tue Mar 23 22:15:37 EST 2004


On Tue, 23 Mar 2004, Michael wrote:

> Are there any inherent security issues with mod_python? Would it be
> secure enough, in a properly secured setting, for use in online
> banking apps?

I would hope that any known security issues have been dealt with
already ;) It's also tough to quantify how secure one piece of
software is versus another.  Since mod_python provides a fairly thin
layer over Apache (a secure, well-trusted web server), I would argue
that it is less prone to security holes than other web application
packages.  Plus, you have the source code if you want to be sure.
Again, since mod_python does not aim to do much more than allow python
to be embedded into Apache, there shouldn't be a lot of source code to
have to verify if you're really concerned about the security.

> Any special steps that need to be taken?

Not that I'm aware of, other than best practices (i.e. keep up-to-date,
proper configuration, don't trust user input, etc.).  Also, be aware
of common web application holes like cross-site scripting (XSS), SQL
injection, and shell injection attacks.


Best regards,
Erik


