Forums

security

what is the security level of the code run and executed on PA? If there is sensitive information... is there any chance of a breach or data loss?

deleted-user-102253 | 6 posts | July 19, 2013, 9:52 p.m. | permalink

We take security and data integrity seriously, but there is always the chance of a breach or data loss. Anyone that tells you that there is no chance of a security breach or data loss on their system is lying or mistaken.

Staff glenn | 9718 posts | PythonAnywhere staff | July 20, 2013, 11:01 a.m. | permalink

I would say it is more safe than running your own VPS. I was running my own VPS before, but I do not have time or the knowledge of how to optimize my server for safety. Having the staff at PA taking care of that makes it possible for me to just focus on the code, instead of keeping my server updated etc. So for anyone who is not a security expert, I would say using a service like PA or GAE is more safe than running your own server or VPS.

deleted-user-97889 | 21 posts | July 20, 2013, 1:26 p.m. | permalink

Many thanks... !!

deleted-user-102253 | 6 posts | July 20, 2013, 4:46 p.m. | permalink

so for sensitive information in a database are there any recommended practices? I've been reading and some people are arguing that encrypting db data is a waste of time.

http://stackoverflow.com/questions/3979385/a-good-way-to-encrypt-database-fields-django

deleted-user-851401 | 5 posts | July 5, 2015, 3:10 a.m. | permalink

It all depends on the threat you're protecting against. If someone managed to get access to your database but not your code, then using encryption in the database could potentially help (if it was done properly). But it is a huge hassle.

The most important thing IMO is to make sure that you use super-secure passwords for everything. 20-character randomly-generated ones are good.

Staff giles | 12095 posts | PythonAnywhere staff | July 5, 2015, 6:48 p.m. | permalink