I'm building a simple web app in Python using web.py – and was wondering what best practices are in terms of securing the application.
I had two main questions at this stage:
- I want the application to be able to send email – it's not hosted on GAE, but I thought a simple solution might be to write / find a script that is able to send pop/imap mail, and use a gmail account. This would require me to save the login and password in the script, in plaintext. This seems wrong and very insecure – I wonder what is the better way to do this?
- The webapp needs a sqlite db, which out of the box does not provide any security. How can I ensure that people just can't download the whole database file?
I imagine both of the questions above come down to file structure and permissioning – I haven't been able to find a rigorous tutorial, and am really curious how people typically go about structuring webapps?
Many thanks
Obviously there must not be any direct access to the file system via an HTTP request.
And I'm pretty sure that's impossible if you're using web.py anyway. When you create an application using web.py, you create a list of regular expressions for URLs which map to a class to send the request to. As long as every request to your web server gets sent to web.py, then you shouldn't have any issues, as everything is white-listed by this URL list.
http://webpy.org/tutorial3.en#urlhandling
Because of that fact I wouldn't worry about storing passwords in config files or source-code too much.
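An added example, not part of the original question or answer: a startup check for the file-structure and permission concern raised in the question, which refuses to use a credentials file or SQLite database that sits inside a directory the web server hands out directly or that is accessible to other local users. The function names, the `[smtp]` INI layout, the directory names and the sample values are assumptions made for illustration, and the permission test assumes a POSIX file system.

```python
import stat
from configparser import ConfigParser
from pathlib import Path


class UnsafeSecretFile(Exception):
    """Raised when a secrets or database file is stored unsafely."""


def check_private_file(path, served_dirs):
    """Return the resolved path if it lies outside every directory in
    served_dirs and only its owner can access it; raise otherwise."""
    resolved = Path(path).resolve(strict=True)  # follows symlinks
    for served in (Path(d).resolve() for d in served_dirs):
        if resolved == served or served in resolved.parents:
            raise UnsafeSecretFile(f"{resolved} is inside served directory {served}")
    mode = stat.S_IMODE(resolved.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
        raise UnsafeSecretFile(f"{resolved} has mode {mode:o}, expected 600")
    return resolved


def load_mail_credentials(path, served_dirs):
    """Read the SMTP login from an INI file kept out of the source tree.
    The [smtp] section with user/password keys is a layout assumed here."""
    cfg = ConfigParser(interpolation=None)  # passwords may contain '%'
    cfg.read(check_private_file(path, served_dirs))
    return cfg["smtp"]["user"], cfg["smtp"]["password"]


if __name__ == "__main__":
    import os, tempfile
    # Constructed layout: <tmp>/app/static is served, <tmp>/private is not.
    root = Path(tempfile.mkdtemp())
    static, private = root / "app" / "static", root / "private"
    static.mkdir(parents=True); private.mkdir()
    ini = private / "mail.ini"
    ini.write_text("[smtp]\nuser = app@example.com\npassword = constructed-secret\n")
    os.chmod(ini, 0o600)
    print(load_mail_credentials(ini, [static]))
    db = static / "app.db"          # a database dropped into the served tree
    db.touch(); os.chmod(db, 0o600)
    try:
        check_private_file(db, [static])
    except UnsafeSecretFile as exc:
        print("rejected:", exc)
```

Calling `check_private_file` on the SQLite path before opening it applies the same two checks to the database file.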