From: Dennis Lee Bieber
Subject: Re: PyQT app accessible over network?
Date: Mon, 25 Feb 2013 18:32:22 -0500
Newsgroups: comp.lang.python

On Mon, 25 Feb 2013 10:02:07 +0200, Frank Millman declaimed the following in gmane.comp.python.general:

> The app runs a web server (cherrypy) which anyone can connect to via a
> browser, with a valid userid and password. User credentials are stored
> in the database, and the system has its own mapping of which users (or
> rather roles) have access to which tables. The front end is written in
> Javascript.
>
> Regarding security, obviously it is a concern. However, the various user
> ids and passwords have to be stored *somewhere*, and if it is
> compromised I would have thought that they would be equally vulnerable.
>

Which maps fairly directly to the MySQL (and likely other DBMS) access control. If you are already storing UserID/passwords in a (restricted access) table -- you might as well make them the native database user accounts and use the database restriction controls to limit access to database/table/column...

Roles may be trickier if a single userID is allowed to act in different roles (but then, if a user can specify which role they are acting as, nothing prevents them from always picking the most capable role, so just give them the accesses for the highest role they are allowed).

--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
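
One way to turn an application's own role-to-table mapping into native MySQL `GRANT` statements, as the reply above suggests; this is an added example, not code from the post or from the application under discussion. The roles, tables, column names, the `appdb` database and the helper functions are all constructed for illustration, the accounts are assumed to exist already, and a user holding several roles gets the union of their privileges, which generalises "the accesses for the highest role".

```python
import re
# Constructed sample mapping (not from the post): role -> table -> privilege -> columns.
# columns = None means the privilege covers the whole table.
ROLE_GRANTS = {
    "clerk": {"invoices": {"SELECT": ["id", "status"]}},
    "manager": {"invoices": {"SELECT": None, "UPDATE": ["status", "due_date"]},
                "customers": {"SELECT": ["id", "name"]}},
}
USER_ROLES = {"alice": ["clerk", "manager"], "bob": ["clerk"]}
COLUMN_PRIVS = {"SELECT", "INSERT", "UPDATE"}  # MySQL accepts a column list on these
TABLE_PRIVS = COLUMN_PRIVS | {"DELETE"}
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}")
_HOST = re.compile(r"[A-Za-z0-9_.%-]{1,60}")

def _checked(pattern, value):
    """Refuse anything but a plain name, so nothing can break out of the quoting."""
    if not pattern.fullmatch(value):
        raise ValueError("unsafe name: %r" % (value,))
    return value

def effective_privileges(roles, role_grants):
    """Union of the roles' privileges; a whole-table grant beats a column list."""
    merged = {}
    for role in roles:
        for table, privs in role_grants[role].items():
            slot = merged.setdefault(table, {})
            for priv, cols in privs.items():
                if cols is None or slot.get(priv, ()) is None:
                    slot[priv] = None
                else:
                    slot[priv] = sorted(set(slot.get(priv, ())) | set(cols))
    return merged

def grant_statements(user, host, db, user_roles=USER_ROLES, role_grants=ROLE_GRANTS):
    """One GRANT per table for an account 'user'@'host' that already exists."""
    account = "'%s'@'%s'" % (_checked(_NAME, user), _checked(_HOST, host))
    stmts = []
    for table, privs in sorted(effective_privileges(user_roles[user], role_grants).items()):
        parts = []
        for priv, cols in sorted(privs.items()):
            if cols == [] or priv not in (TABLE_PRIVS if cols is None else COLUMN_PRIVS):
                raise ValueError("bad privilege entry: %r" % (priv,))
            names = ", ".join("`%s`" % _checked(_NAME, c) for c in cols or ())
            parts.append(priv if cols is None else "%s (%s)" % (priv, names))
        stmts.append("GRANT %s ON `%s`.`%s` TO %s;" % (
            ", ".join(parts), _checked(_NAME, db), _checked(_NAME, table), account))
    return stmts

if __name__ == "__main__":
    print("\n".join(s for u in sorted(USER_ROLES) for s in grant_statements(u, "localhost", "appdb")))
```

With the privileges held by the database account itself, a compromised web tier can only do what that user's grants allow, instead of whatever a shared application login could do.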