On Tue, Jan 15, 2013 at 5:27 AM, Isaac Perez wrote:
> In a few words what I want to protect from is that an sql query could be
> passed in the main input text box and it could access other users passwords
> or information.
this simply doesn't happen with modern client libraries, as long as you do
Hi John,
I think you are going one step further than what I intended to protect from.
That makes me think about what you are saying, but I think it's going to be
too complicated; I'll have to see the risk of that happening.
In a few words what I want to protect from is that an sql query could be
pas
Hi Isaac,
I've thought about this but never implemented it...
I don't think DB routers will really do what you want; you are making
the assumption that your Django project is compromised and you need
separation at the DB level, which means that every route is also
compromised as all the access cr
Hi Tom,
my main goal is to prevent access to the users table by anything
other than the authentication module.
I understand that writing the app correctly and filtering the input, etc.,
will do the same, but it's just another layer of security.
I'll take a look at the DB routers and
On Sun, Jan 13, 2013 at 5:05 PM, Isaac Perez wrote:
> Hi guys,
>
> I'm creating a new app and I'd like to know what would be the best way to
> implement the principle of least privilege.
> At the moment the DB has 5 users:
>
> 1 is the root user for the DB (which I don't want to be used by the
>
Hi Dennis,
yes, we are going to filter the input and use parameterized queries.
But I always prefer to have more than one layer of security.
And users won't be using any SQL queries, they will just input text.
Does the django configuration always need to have full access to the DB?
Thanks,
Isaac
Hi guys,
I'm creating a new app and I'd like to know what would be the best way to
implement the principle of least privilege.
At the moment the DB has 5 users:
- 1 is the root user for the DB (which I don't want to be used by the
webapp)
- 1 has read access to the data fields
- 1