AlterEgo
old web2py blog
Some of the information here may be outdated, please check the book instead
In general it is not a good idea to expose admin and yourapp/appadmin publicly unless they go over HTTPS and you enable secure cookies with

`response.cookies[response.session_id_name]['secure']=True`

This is true for web2py and any other web application: **If you do not want your passwords to transmit unencrypted, your session cookies should not either!**

In fact, by default, for security, web2py admin does not work if the client is not localhost.

An easy way to set up a secure production environment on a server (@serveraddress) is to:

- start two instances of web2py:
  `nohup python2.5 web2py.py -p 8000 -i 127.0.0.1 -a '' &`
  `nohup python2.5 web2py.py -p 8001 -i 127.0.0.1 -a password &`
- use Apache mod_proxy to proxy port 80 to port 8000 (there will be no admin because no password is set); this is the public site
- from your client machine connect to the second instance using an SSH tunnel: `ssh -L 8001:127.0.0.1:8001 username@serveraddress`
- connect to 127.0.0.1:8001 on the local computer to access the admin of the remote (serveraddress) computer.

All communication via port 8001 will be accessible to you only and encrypted.
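
The setup above is only safe if both instances really are bound to 127.0.0.1, so it is worth checking the listening sockets after starting them. The script below is an added example, not part of the original page or of web2py; the function names are hypothetical, the `ss` listings are constructed samples, and it assumes the usual column layout of iproute2's `ss -ltn`.

```shell
#!/bin/sh
# Added example: confirm the web2py instances listen on loopback only.
# On the server, feed it live data:  ss -ltn | check_binding 8000 8001

# Reads `ss -ltn` output on stdin; prints "PORT ADDRESS" for every listener on
# one of the given ports whose local address is not 127.0.0.1 or [::1].
exposed_listeners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)      # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if ((port in want) && addr != "127.0.0.1" && addr != "[::1]")
        print port, addr
    }'
}

# Returns 0 when nothing is exposed, 1 otherwise (findings go to stdout).
check_binding() {
  _findings=$(exposed_listeners "$@")
  [ -z "$_findings" ] && return 0
  printf 'exposed: %s\n' "$_findings"
  return 1
}

# Constructed sample: both instances started with -i 127.0.0.1, Apache on 80.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:8000     0.0.0.0:*
LISTEN 0      5      127.0.0.1:8001     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      511    *:80               *:*'

# Constructed sample: admin instance mistakenly bound to all interfaces.
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:8000     0.0.0.0:*
LISTEN 0      5      0.0.0.0:8001       0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | check_binding 8000 8001 && echo "good sample: loopback only"
printf '%s\n' "$SAMPLE_BAD"  | check_binding 8000 8001 || echo "bad sample: admin port reachable from the network"
```

A non-zero exit from `check_binding` means one of the ports is reachable without the SSH tunnel or the Apache proxy, which for port 8001 exposes the admin interface over plain HTTP.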
© 2008-2010 by Massimo Di Pierro - All rights reserved - Powered by web2py - design derived from a theme by the earlybird
The content of this book is released under the Artistic License 2.0 - Modified content cannot be reproduced.