On 21 June 2010 17:04, Kenneth Gonsalves <law...@au-kbc.org> wrote:
> On Monday 21 June 2010 12:24:58 Torsten Bronger wrote:
>> > Also, is this recommended practice, to use "www-data" as the
>> > backend database username?
>>
>> No, not recommended, but not forbidden either.
>>
>
> should be forbidden - one does not want apache to have direct access to the
> database

Storing a password in a plaintext file makes me uneasy, even though it is locked away through file-system permissions. Having spent some time recently in the Windows world, I take integrated auth for granted, and it works fine, making sysadmin much easier.

You do bring up an interesting point though, and I don't know much about the architecture of Apache and how holes are exploited when they exist, but if the trespasser can execute arbitrary code as www-data, wouldn't they have access to settings.py anyway?

> --
> Regards
> Kenneth Gonsalves
> Senior Associate
> NRC-FOSS at AU-KBC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.