summarizing, web2py is just an executable. It protects you by default from
directory traversal attacks.
Everything but "static" folder is dinamically created by the executable.
You may want to serve "static" with your webserver of choice to relieve the
burden off of web2py shoulders, but ultimat
I know this is REALLY old but this topic is crucial to production and gets
VERY little attention.
So, it seems that the lock script has to run AFTER the web2py server has
been started by www-data (as a daemon by UWSGI, for example).
Or, can root start everything even in its locked state?
I am
Where can I read more detailed about it? Is there it in the web2py
book?
If the web2py server runs as www-data thatn web2py/ should be owned by
www-data and it should have read write permissions. You can then lock
your apps running
web2py/scripts/web2py-lock.sh
On Jan 5, 6:50 am, Branko Vukelić wrote:
> If you want 644 perms on the directory, the owner should be the
4 matches
Mail list logo
