| 52 | '''NOTE: Putting the settings file in the 'apache' subdirectory where the WSGI script file is located is technically a security risk. For the WSGI script file to be served from there, you have to configure Apache to tell it that it can use that directory. Having done that, Apache can technically also serve files from that directory as static files. Thus, if Apache were incorrectly configured and files in that directory were made accessible via a URL as static files, it would be possible to download the settings file. Since the settings file can contain database passwords, that obviously isn't going to be a good thing to happen. This example really should be modified, with settings files located one directory up from where they are, as would normally be the case.''' |
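The note above, as an added Apache 2.4 configuration sketch (not part of the original page): it contrasts granting access to the whole 'apache' subdirectory with granting it only to the WSGI script file. All paths and the file name `django.wsgi` are assumptions chosen for illustration, and the sketch assumes the server's default `<Directory />` block denies access.

```apache
# Assumed layout (hypothetical paths, not taken from the page):
#   /usr/local/django/mysite/settings.py           settings, one directory up
#   /usr/local/django/mysite/apache/django.wsgi    WSGI script file only

WSGIScriptAlias / /usr/local/django/mysite/apache/django.wsgi

# Weak: every file in the directory becomes eligible to be served.
# If a later Alias or DocumentRoot change maps a URL onto this
# directory, anything stored beside the script (such as a
# settings file) can be downloaded as a static file.
#
# <Directory /usr/local/django/mysite/apache>
#     Require all granted
# </Directory>

# Narrower: only the WSGI script file itself is granted access.
# Other files in the directory stay under the server-wide default,
# assumed here to be "Require all denied" on <Directory />.
<Directory /usr/local/django/mysite/apache>
    <Files django.wsgi>
        Require all granted
    </Files>
</Directory>
```

Keeping the settings file one directory up, outside any directory Apache has been granted access to, means a mistaken URL mapping onto the 'apache' subdirectory exposes only the script file.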