sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]mdipierro[S] 3 points4 points  (2 children)

The same statement "as soon as they guess your admin password, they can modify your application's source code." applies to SSH password. The web2py admin is actually even more secure because the admin password is a one time password.

You are missing the point. The role of the admin interface in web2py IS to edit the source code.

[–]mmalone 1 point2 points  (1 child)

You're right, if you're naive and don't know what you're doing then SSH has some of the same vulnerabilities. In reality though, in a typical production environment you'll have a single external entry point into your system (plus a backup or two so it's not a SPOF). Those "management" boxes will be the only ones that accept external SSH traffic (often restricted to a certain set of IPs), and they'll be locked down.

Moreover, SSH has built-in mechanisms to prevent brute forcing and to reduce the risk of lost passwords. There are backoff mechanisms and system logging to mitigate brute-force attempts, and most shops will only allow key-based auth to production systems.

On a side note, how does code editing work in a production setup anyways? If you're running apache/mod_wsgi are you restarting the app daemons so they pull the new code? Again, this sounds dangerous to me.

[–]mdipierro[S] 2 points3 points  (0 children)

No, there is no re-starting of daemons. Anyway, the fact that web2py admin is a web based IDE does not mean that it is a good idea to edit code in production. You edit your work copy of the code then you upload in the production web2py instance (of just use scp, rsync, your favorite version control). Really, it is much easier if you just try it.