So I have been developing my first website. I have a cgi script that allows users to sign up for e-mail updates. However, I don't trust the security of cgi-bin with the api-key I am using to sign people up to a mailing list. So I put the api-key in another folder in home with chmod 711开发者_Go百科 on the directory (as opposed to 755 on the cgi-bin directory). I then import the api-key into the python cgi script. With something like:
sys.append.path("/home/otherfolder") import apikeyfile
Does this actually provide any extra security to my script? Is there something else I should be doing instead?
This isn't a Python question (the fact that you're using Python is totally incidental), but the answer is: yeah, it's a good idea to have your sensitive data in a place where your Web server can't, even if somewhat misconfigured, send it to an attacker. So outside of whatever directory hierarchy your Web documents and scripts are in. It won't stop an attacker if they root your server, but a lot of exploits don't require root, and so putting as many obstacles in the way of a hacker as possible is considered good pracitce. (This is called "defense in depth" by network security wonks.)
This is a good idea. chmod 500
is better in this case. The rule of th You have to have the most restrictive privileges as possible. Keep in mind your app might hacked and then you don't want your app to write to its self. (unless it has too...)
精彩评论