Massimo, Graham commented (replying to my "apache+windows+wsgi <http://www.mhproject.org/index.php/mhproject.php/2009/07/20/how_to_install_apache2_ssl_web2py_window#comments>" tutorial post) on some security issues in our default configurations using wsgi, which I think we have to take into consideration. Maybe it's corrected in the new chapter 10. In such a case, could you post the best and secure httpd.conf configuration?

---You should avoid using the mod_wsgi Windows binaries you have, they are old and have a number of notable bugs which may cause problems. Up to date binaries are available from the mod_wsgi site.

I didn't find new ones for python 2.5

---Also, the Location/LocationMatch directives you are using to allow Apache to serve files are a bad idea and doing it that way makes your web server less secure. In this respect, the instructions found with some web2py documentation which you may be following are quite poor and don't use best practice. You should use Directory directives instead and qualify access by where the files are stored in the file system and not by the URL path that accesses them.

I tried but I didn't get the right configuration through Directory directives... (using wsgi alias, and so...)

---By using Location/LocationMatch directive in the way you have, you have effectively said that someone can download any file from your computer accessible via any URL. The only saving grace at present is that there probably isn't a URL which maps too high in the file system, but if through misconfiguration that was done, then there is nothing else to protect your files from being downloaded. The Directory directive when used properly, would prevent any files outside of the intended directories being downloadable.

Thanks,
Alex F

On 17/08/2009 13:10, Massimo Di Pierro wrote:
> I want to publicly thank Graham Dumpleton both for developing WSGI
> (which is critical for a professional and scalable web2py deployment)
> and for his help in the new book chapter 10 on deployment recipes. I
> discovered he has an Amazon wishlist and that may be a nice way to say
> thank you:
>
> http://www.amazon.com/gp/registry/wishlist/1ENAXIJG1G044
>
> Massimo

--
Alejandro Fanjul Fdez.
alex.fan...@gmail.com
www.mhproject.org
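
The Location-versus-Directory point raised in Graham's comments above, as an added Apache 2.2 configuration sketch that is not part of the original thread or of the web2py documentation. The install path `C:/web2py`, the script name `wsgihandler.py` and the `/<app>/static/` URL layout are assumptions.

```apache
# Added example; paths and file names are assumptions, not taken from the thread.
# Apache 2.2 syntax (Order/Allow/Deny). On Apache 2.4 the equivalents are
# "Require all denied" and "Require all granted".

# --- Weak pattern: access granted by URL (kept commented out) ---
# Any URL is allowed, whatever file it ends up mapping to. If an Alias or
# DocumentRoot is later misconfigured, nothing else blocks the download.
#
# <Location "/">
#     Order deny,allow
#     Allow from all
# </Location>

# --- Corrected: access granted by file-system location ---
# 1. Deny the whole file system by default.
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

# 2. Serve static files directly, only from each application's static directory.
#    Listed before WSGIScriptAlias so the more specific URL is matched first.
AliasMatch ^/([^/]+)/static/(.*) "C:/web2py/applications/$1/static/$2"
<Directory "C:/web2py/applications/*/static">
    Order allow,deny
    Allow from all
</Directory>

# 3. Send everything else to the WSGI application; expose only the script file.
WSGIScriptAlias / "C:/web2py/wsgihandler.py"
<Directory "C:/web2py">
    Order allow,deny
    Deny from all
    <Files wsgihandler.py>
        Allow from all
    </Files>
</Directory>
```

With this layout a stray alias that maps a URL outside `C:/web2py` hits the default deny in `<Directory />` instead of being served.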