|
Scott Sanders
sanders at apache.org
Wed Nov 24 13:00:38 EST 2004
Maybe I am less paranoid, but I just store that info in the .htaccess
under PythonOption directives. If the .htaccess file were to become
exploited, I have bigger problems :)
Scott
On Nov 24, 2004, at 9:47 AM, Jorey Bump wrote:
> I'd like to know if anyone has any recommendations for securely
> storing information such as db passwords. I don't like to include
> login information anywhere within the DocumentRoot, in case an
> interpreter failure or server misconfiguration exposes the code. To
> this end, I'm using the following system:
>
> 1. I create a different user for each VirtualHost. Within the user's
> home directory, I create a site directory that serves as the
> DocumentRoot.
>
> 2. I then create a Python directory in the home directory, and add it
> to the VirtualHost's PYTHONPATH using:
>
> PythonPath "sys.path + ['/var/www/virtual/user/Python']"
>
> Or one could do this within the script itself:
>
> sys.path.append('/var/www/virtual/user/Python')
>
> This gives me a safe place outside of the DocumentRoot to store
> settings in modules, without placing them in the default PYTHONPATH of
> every other user on the system.
>
> 3. To store settings, I create a package structure:
>
> cd ~/Python
> mkdir Conf
> cd Conf
> touch __init__.py
>
> This allows me to create files with settings specific to an
> application and import them. So, for application foo, I would create
> foo.py here and list the values I need, or even wrap them up neatly in
> a function:
>
> # ~/Python/Conf/foo.py
> import MySQLdb
>
> bees = 0
> eric = 0.5
>
> def get_dbh():
> """
> Set up db connection and return handle.
> """
> dbhost = "localhost"
> dbuser = "cyril"
> dbpwd = "ladidi123"
> dbname = "menagerie"
> dbh = MySQLdb.connect(dbhost, dbuser, dbpwd, dbname)
> return dbh
>
> Then, in my mod_python application, I import the values:
>
> # ~/site/foo.py
> from Conf.foo import *
>
> bees += eric
> dbh = get_dbh()
> # db handle is now ready to use for queries/updates
>
> I find this approach a lot simpler than using a configuration parser,
> especially because there is no new syntax to learn and the resources
> are immediately available to the application. Creating a package to
> hold the settings also helps to avoid namespace clashes.
>
> The usual caveats apply here as they do to any embedded interpreter,
> with the main concern being that other system users now theoretically
> have access to the code, which must be readable by the user apache
> runs as. The main payoff is that the application is a bit more
> resistant to remote exploits, because the code is stored outside the
> DocumentRoot.
>
> I'd be interested in how others handle sensitive information or in any
> suggestions for hardening the approach I've outlined above. I
> generally use Publisher in a prefork environment, if that helps.
>
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
|