Gustavo Córdova Avila
gustavo.cordova at q-voz.com
Thu Mar 2 17:20:21 EST 2006
Graham Dumpleton wrote:
> Deron Meranda wrote ..
>
>> On 3/2/06, Nicolas Lehuen <nicolas at lehuen.com> wrote:
>>
>>> For example :
>>>
>>> # index.py
>>> # BAD !
>>> secret_password = "foobar"
>>>
>> Or even better yet, if your code must know about secret passwords
>> (which is common for opening database connections, etc.), use
>> something like,
>>
>> # index.py
>> _secret_password = open('.secret','r').read().strip()
>>
>> and then store the password itself in the file ".secret".
>>
>> The leading dot in the filename will insure that Apache won't serve
>> that file up with the default apache config. [Somebody correct me
>> if this is different for Windows].
>>
> Stand corrected then. Using a leading dot doesn't protect it on
> UNIX like systems. The only safe way is to not put it in the directory
> in the first place.
>
> BTW, that code wouldn't work anyway, as you use a relative path
> but working directory will not actually be that directory so it will
> not find it.
>
> Graham
>

*IF* you're going to use Apache's default configuration, all files
which start with ".ht" are disallowed from all, so, the database
password file could be:

.ht_dbpasswd

and it'd be inaccessible to all clients, but locally available.

-gus
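
Added example, not part of the original thread or of mod_python: a loader that applies the three points raised above (absolute path instead of the working directory, nothing secret under the served directory, and ".ht" rather than a bare leading dot if the file must live there). The names `load_secret`, `document_root`, `allow_ht_prefix` and the sample layout are assumptions made for illustration, and the permission check assumes a POSIX system.

```python
import os
import stat
import tempfile

class SecretFileError(Exception):
    """The secret file is stored somewhere a client or local user could read it."""

def load_secret(path, document_root, allow_ht_prefix=False):
    """Return the stripped contents of path after checking where it lives.

    All names here are illustrative; this is not a mod_python API.
    """
    # Require an absolute path: under Apache the working directory is not
    # the directory that holds the handler, so open('.secret') would miss.
    if not os.path.isabs(path):
        raise SecretFileError("secret path must be absolute: %r" % path)
    real = os.path.realpath(path)
    root = os.path.realpath(document_root)
    inside_root = os.path.commonpath([real, root]) == root
    # Only ".ht*" names are denied by Apache's default configuration; a bare
    # leading dot is not. Even ".ht" names are refused unless opted in.
    ht_name = os.path.basename(real).startswith(".ht")
    if inside_root and not (allow_ht_prefix and ht_name):
        raise SecretFileError("%s is under the document root" % real)
    # Other local accounts should not be able to read the file either.
    if os.stat(real).st_mode & stat.S_IRWXO:
        raise SecretFileError("%s is accessible to other users" % real)
    with open(real, "r") as fh:
        return fh.read().strip()

if __name__ == "__main__":
    # Constructed layout: <tmp>/htdocs is the served tree, <tmp>/private is not.
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    private = os.path.join(base, "private")
    os.mkdir(docroot)
    os.mkdir(private)
    for name in (os.path.join(docroot, ".secret"),
                 os.path.join(private, "db.pass")):
        with open(name, "w") as fh:
            fh.write("foobar\n")
        os.chmod(name, 0o600)
    print(load_secret(os.path.join(private, "db.pass"), docroot))
    try:
        load_secret(os.path.join(docroot, ".secret"), docroot)
    except SecretFileError as exc:
        print("refused:", exc)
```

The `allow_ht_prefix=True` path is only as good as the server configuration: it relies on the default ".ht" deny rule still being present.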