web2py and security
113 views
Skip to first unread message
James O' Driscoll
Nov 19, 2014, 8:42:12 PM11/19/14
to web...@googlegroups.com
Are there any good resources on how to boost the security of web2py.
Regards,
James
Rufus
Nov 22, 2014, 3:55:52 PM11/22/14
to web...@googlegroups.com
What aspect of security are you concerned about?
Are you asking how to configure web2py for maximum security?
Are there aspects of the security model you feel need boosting?
Have you read the manual about web2py and security?
I'm not an expert, but as I understand it, security was one of the
prime design goals of web2py.
Are you asking how to configure web2py for maximum security?
Are there aspects of the security model you feel need boosting?
Have you read the manual about web2py and security?
I'm not an expert, but as I understand it, security was one of the
prime design goals of web2py.
James O' Driscoll
Feb 11, 2015, 8:23:28 AM2/11/15
to web...@googlegroups.com
Rufus,
I am asking how to configure web2py for maximum security.
I am not an expert either but you cannot be too careful.
I am just looking for general good sources of info.
Regards,
James
Rufus Smith
Feb 11, 2015, 11:07:10 AM2/11/15
to web...@googlegroups.com
I am not too active or up to date on security, I assume you already looked at:
http://www.web2py.com/book/default/chapter/01#Security
and at the end of the section it referenced generic python security here:
http://www.pythonsecurity.org/
Rufus
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/0sHTAb54xqM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Dave S
Feb 11, 2015, 2:34:25 PM2/11/15
to web...@googlegroups.com
On Wednesday, February 11, 2015 at 8:07:10 AM UTC-8, Rufus wrote:
I am not too active or up to date on security, I assume you already looked at:
http://www.web2py.com/book/default/chapter/01#Security
and at the end of the section it referenced generic python security here:
http://www.pythonsecurity.org/
Rufus
Also, back in August Massimo posted this:
About security (a). You cannot beat the security of web2py. Friday I am giving a talk at OWASP in Orange County about this. I will post slides. The University where I teach was one of the first in the country to receive a certificate of excellence from the NSA. This was not about web2py but this is to say we are security experts.
Also note that web2py takes care of several security issues that other environments leave to the individual developer, who might not be trained to think of security issues.
(OWAPS-OC is a local chapter of The Open Web Application Security Project . You might see if you have a chapter in your area, or browse for their materials. The chapter link is
<URL:http://www.meetup.com/OWASP-OC/>)
/dps
Reply all
Reply to author
Forward
0 new messages