Trapper Forum

discussion forum

  • You are not logged in.

#1 April 16, 2016 11:31:50

rpitman
Registered: 2016-04-13
Posts: 6
Reputation: +  0  -
Profile   Send e-mail  

TRAPPER security

From a security perspective, how safe are the data linked to, or stored within, TRAPPER?

Offline

#2 April 16, 2016 15:15:52

demo-admin
Registered: 2015-12-11
Posts: 4
Reputation: +  0  -
Profile   Send e-mail  

TRAPPER security

In terms of serving data to the unauthorized users it should be safe as Trapper uses X-Sendfile feature:

"X-Sendfile (see for example http://wiki.nginx.org/XSendfile) allows verification of django-based user's permissions before specific content is send to a user (e.g. multimedia file). However, Django will not serve a content - it is done by a web server that can handle it much more efficient."

In the other words, even when you know the exact URL for given resource you can not view/download it unless you have a proper permission.

However, it is highly possible that there are some gaps in general Trapper's security performance. It should be tested.

Edited demo-admin (April 16, 2016 15:20:43)

Offline

Board footer

Moderator control

Powered by DjangoBB

Lo-Fi Version