list at joreybump.com
Wed Nov 24 12:47:58 EST 2004
I'd like to know if anyone has any recommendations for securely storing information such as db passwords. I don't like to include login information anywhere within the DocumentRoot, in case an interpreter failure or server misconfiguration exposes the code. To this end, I'm using the following system: 1. I create a different user for each VirtualHost. Within the user's home directory, I create a site directory that serves as the DocumentRoot. 2. I then create a Python directory in the home directory, and add it to the VirtualHost's PYTHONPATH using: PythonPath "sys.path + ['/var/www/virtual/user/Python']" Or one could do this within the script itself: sys.path.append('/var/www/virtual/user/Python') This gives me a safe place outside of the DocumentRoot to store settings in modules, without placing them in the default PYTHONPATH of every other user on the system. 3. To store settings, I create a package structure: cd ~/Python mkdir Conf cd Conf touch __init__.py This allows me to create files with settings specific to an application and import them. So, for application foo, I would create foo.py here and list the values I need, or even wrap them up neatly in a function: # ~/Python/Conf/foo.py import MySQLdb bees = 0 eric = 0.5 def get_dbh(): """ Set up db connection and return handle. """ dbhost = "localhost" dbuser = "cyril" dbpwd = "ladidi123" dbname = "menagerie" dbh = MySQLdb.connect(dbhost, dbuser, dbpwd, dbname) return dbh Then, in my mod_python application, I import the values: # ~/site/foo.py from Conf.foo import * bees += eric dbh = get_dbh() # db handle is now ready to use for queries/updates I find this approach a lot simpler than using a configuration parser, especially because there is no new syntax to learn and the resources are immediately available to the application. Creating a package to hold the settings also helps to avoid namespace clashes. The usual caveats apply here as they do to any embedded interpreter, with the main concern being that other system users now theoretically have access to the code, which must be readable by the user apache runs as. The main payoff is that the application is a bit more resistant to remote exploits, because the code is stored outside the DocumentRoot. I'd be interested in how others handle sensitive information or in any suggestions for hardening the approach I've outlined above. I generally use Publisher in a prefork environment, if that helps.