On Monday 21 June 2010 15:37:50 Sam Lai wrote:
> > and a single point of entry to all systems for a cracker
>
> I'm not running them all as admin (aka. root) obviously. Integrated
> auth doesn't mean every user account can access every resource. It's
> really just delegating an application's authentication system to the
> operating system (note authentication, not authorization).
>
> I fail to see how it is a single-point of entry to all systems. Yes,
> it means there's one less layer of security, but that extra layer
> provided by the DBMS isn't security anyway if as that OS user, you can
> access the password to get past that extra layer of security anyway. I
> don't believe this is an implementation of defense in depth.

I am no expert on Windows, so cannot comment.

> >> You do bring up an interesting point though, and I don't know much
> >> about the architecture of Apache and how holes are exploited when they
> >> exist, but if the trespasser can execute arbitrary code as www-data,
> >> wouldn't they have access to settings.py anyway?
> >
> > and just to add to your worries, assuming that you have debug on in your
> > production system, somewhere deep down in the traceback, you may see your
> > database username and password! As for the Apache question there are
> > experts in this list who can answer them.
>
> Thanks for mocking what was and still is a serious point.

I am sorry if you feel I was mocking - it was not my intention. And the point you were bringing up about Apache is a vast subject and I am not competent to answer it. As for the debug thing, it is just a warning not to run debug in production.

--
Regards
Kenneth Gonsalves
Senior Associate
NRC-FOSS at AU-KBC