Menu:

important security instructions

EN

Here are some very important security instructions for PyLucid.

public access to settings.py

The settings.py is inside the document root of the webserver. You should check if you can get the settings.py throu the webserver:

• Start a request like: http://www.yourdomain.tld/PyLucid/settings.py

Normaly you can's access the file, because we have added this in the .htaccess:

1
2
3

<Files settings.py>
    Deny from all
</Files>

_install section access

Disable the _install section access, after the installation. Change this in your settings.py:

• ENABLE_INSTALL_SECTION = False

You can also delete the install password hash. Note, the password hash can be show in a traceback, if enabled.

verbose tracebacks

You should disable the debug traceback function because. Set DEBUG = False in your settings.py

Use DEBUG = True only together with INTERNAL_IPS !

permalink

powered by PyLucid v0.8.5pre | Log in | render time: 23.9 ms - overall: 4.9 min - queries: 0 | last modified: 2007-12-04 17:54:16