
Re: Request for a Good Practice for webdev doc.

On 28.04.2019 21:42, aprekates wrote:
Experimenting with WSGI and Python webapp development,
I came upon issues and roads to choose, mainly
regarding installation, deployment and security
related issues.

sudo pip install ..   or  pip install

Is virtualenv secure, or is it just redirect trickery and
not a real chroot environment?

Should I make another user for development?

I think, after a little search on the net around similar questions, that
a doc from the community endorsing some good practices for
developers could be of help.

I've read https://wiki.debian.org/DontBreakDebian#Using_chroot.2C_containers.2C_and_virtual_machines
but I think there are more questions.


I think it is a good practice in general to actually test it yourself if something bothers you.
You can set up your virtualenv environment by the book in a test VM, and create a deliberately insecure Python webapp to test how virtualenv will behave if you try to
execute shell commands from a web browser, try to steal passwords, execute SQL commands, read, write or execute arbitrary files, etc.
Check what username is used when you do all that, what limitations it has and what options are available for it.
If your system will host a few websites (virtual hosts), test whether you can access the information on any of them from another website or not.
This way you can see how good the isolation is, what its limitations are, and how to fix and improve it.

WebDev IMO is hell with all those pips and npms out there pushing packages, modules and dependencies into your environment, and you have to audit their code yourself or blindly trust that they are safe.
You should read the documentation, research and test to get the answers to every question you have. Understand how everything works internally.
There are no step-by-step guides for security topics, because everything can be set up in myriad ways, is constantly evolving and is becoming so complex that there is almost never a straight answer for anything.

With kindest regards, Alexander.

⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
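The "deliberately insecure webapp in a test VM" experiment the reply describes, written out as an added example (this is not code from the thread, the Debian project or any of the posters). It assumes a Linux test VM with Python 3.7+, and the probe endpoint names /whoami, /run and /read are this example's own invention. The app is insecure on purpose: /run executes whatever shell command the query string carries and /read returns any file it is pointed at. probe_isolation() drives the three endpoints in-process (no network) and reports what the "attacker" reached; run it once from inside an activated virtualenv and once without one and compare. The only field that changes is sys_prefix: uid, working directory, shell access and the filesystem are identical, because a virtualenv only rewrites sys.prefix and the import path. It is not a chroot, a separate user or a container, which is what the DontBreakDebian page linked above covers.

```python
"""Deliberately insecure WSGI probe for testing what a virtualenv isolates.

Added example, not code from the thread.  Run it ONLY in a throwaway test VM,
as the reply recommends: /run executes shell commands and /read returns
arbitrary files on request, which is exactly the reach we want to observe.
"""
import os
import subprocess
import sys
import tempfile
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server


def in_virtualenv() -> bool:
    # A virtualenv only rewrites sys.prefix; sys.base_prefix still points at
    # the system interpreter.  Nothing at the OS level has changed.
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)


def identity_report() -> dict:
    """How the OS sees this process: same uid and cwd with or without a venv."""
    getuid = getattr(os, "getuid", lambda: -1)  # -1 on non-POSIX platforms
    return {
        "uid": getuid(),
        "cwd": os.getcwd(),
        "in_virtualenv": in_virtualenv(),
        "sys_prefix": sys.prefix,
        "base_prefix": getattr(sys, "base_prefix", sys.prefix),
    }


def app(environ, start_response):
    """WSGI entry point.  /run and /read are INSECURE BY DESIGN (test VM only)."""
    path = environ.get("PATH_INFO", "/")
    qs = parse_qs(environ.get("QUERY_STRING", ""))
    status, body = "200 OK", ""
    try:
        if path == "/whoami":
            body = "\n".join(f"{k}={v}" for k, v in identity_report().items())
        elif path == "/run":
            # Shell injection on purpose: the client controls the whole command.
            cmd = qs.get("cmd", [""])[0]
            proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
            body = proc.stdout + proc.stderr
        elif path == "/read":
            # Arbitrary file read on purpose: no path restriction at all.
            with open(qs.get("path", [""])[0], encoding="utf-8", errors="replace") as f:
                body = f.read()
        else:
            status, body = "404 Not Found", "unknown probe\n"
    except OSError as exc:
        status, body = "500 Internal Server Error", f"{type(exc).__name__}: {exc}\n"
    data = body.encode("utf-8")
    start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(data)))])
    return [data]


def call(path: str, query: str = "") -> tuple:
    """Invoke the app in-process with a minimal WSGI environ (no network)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query,
               "SERVER_NAME": "localhost", "SERVER_PORT": "8000",
               "wsgi.version": (1, 0), "wsgi.url_scheme": "http",
               "wsgi.input": None, "wsgi.errors": sys.stderr}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


def probe_isolation() -> dict:
    """Drive the three probes and report what the 'attacker' got.

    Writes a marker file in the system temp dir (outside any venv) and checks
    whether the app can read it and run shell commands.  If both succeed, the
    virtualenv isolated nothing but Python's import path.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("outside-the-venv\n")
        marker = f.name
    try:
        who = call("/whoami")[1]
        ran = call("/run", "cmd=echo+shell-reached")[1]
        read = call("/read", f"path={marker}")[1]
    finally:
        os.unlink(marker)
    return {
        "in_virtualenv": in_virtualenv(),
        "shell_reached": ran.strip() == "shell-reached",
        "read_outside_venv": read.strip() == "outside-the-venv",
        "whoami": who,
    }


if __name__ == "__main__":
    # In the test VM: run this, then visit http://127.0.0.1:8000/whoami
    print(probe_isolation())
    with make_server("127.0.0.1", 8000, app) as httpd:
        httpd.serve_forever()
```

To run the comparison the reply suggests, execute the script once as-is and once after `python3 -m venv venv && . venv/bin/activate`; both times shell_reached and read_outside_venv come back True and uid is the same, only in_virtualenv and sys_prefix differ. Repeating the run as a dedicated unprivileged user (the other question in the original mail) is what actually changes what /read and /run can reach, and that difference shows up directly in the uid and in the OSError returned for files that user cannot open.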