Request for comments on modular application design and security.
godoy at metalab.unc.edu
Tue Sep 9 17:26:46 CEST 2003
I'm somewhat new to Python and I'm working on a modular application
that needs to access a database. Let me describe what I've done so far
and what I'm thinking about before asking something.
We have a login program that authenticates the user against passwords
available in the database and it opens a connection with priviledges
only to read the user's table. If the access is granted than we
os.execv() a second module that contains a menu list of modules of the
system that are available for them. This will be used as the 'main
menu'. If a button is clicked, the final program is called with all of
its options. The problem is how to pass the information that the user
was successfully authenticated and that connections should be opened
with its username and password on the database.
How can I pass this information from one proccess to another without
compromising security and in a way that's available in both Linux and
Windows? (They have half of the machines running each OS and are
migrating to Linux.)
Also, I'd appreciate comments on my approach. The program is going to
be huge in size and with several screens. I've adopted separate
modules to allow me to have it installed one piece a time and have it
working nicely on old machines (mainly P-233 or a maximum of P-300
with 64/128 MB of RAM).
Godoy. <godoy at metalab.unc.edu>
More information about the Python-list