On 1/5/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hello, > > I'm developing a Python-based web ap, but don't understand how to best > organize the modules and set permissions for maximum security. > > Here's how the Python code for my ap is organized: > > 1) I have Python modules in a project directory. The path to that directory > is in a *.pth file in the .*/pythonx-y/site-packages directory. > > Question: who should own these modules; what groups should have access, and > how should permissions be set? > > 2) I have high-level modules that import the worker-bee modules in the web > root directory tree that are called by the webserver. > > Questions: who should own these modules, what groups should have access, and > how should permissions be set? > > 3) Is there a better way to organize my Python modules? Are there other > security issues I should heed? > > Many thanks, > > Lloyd
Are you using any of the many available web frameworks like turbogears, django, etc? If so your best option is probably to use the authentication/authorization capabilities of these frameworks and then you won't have to worry about it too much. Cheers, Daniel -- http://mail.python.org/mailman/listinfo/python-list
