Commit b1a4738

Update docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/README.md
Signed-off-by: myteron <[email protected]>
1 parent 7169edc commit b1a4738

File tree

1 file changed

+1
-1
lines changed
  • docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798

docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/README.md

Lines changed: 1 addition & 1 deletion
@@ -89,7 +89,7 @@ Create reusable components by separating deployment such as connection informati
8989
|Hardcoded `UIDs`, `GIDs`|identity names|
9090
|Hardcoded `IPs` or ports|Rather than hardcoding IP addresses DNS should be properly implemented in the deployment in combination with solutions such as:<br>- `RFC 9250` - [DNS over Dedicated QUIC Connections (ietf.org)](https://datatracker.ietf.org/doc/rfc9250/)<br>- `RFC 7858` - [Specification for DNS over Transport Layer Security (TLS) (ietf.org)](https://datatracker.ietf.org/doc/html/rfc7858)<br>- `RFC 6494` - [Certificate Profile and Certificate Management for SEcure Neighbor Discovery (SEND) (ietf.org) for IPV6](https://datatracker.ietf.org/doc/rfc6494/)<br>- `DNSSEC` [RFC 9364](https://datatracker.ietf.org/doc/html/rfc9364), `RFC 6014`, `5155`, `4641`....<br><br>The order and ways to resolve IPs is configured via `/etc/nsswitch.conf` on most Unix systems.<br><br>Using `mTLS` with a high granularity of machine identities can reduce or remove `DNS` related risks.|
9191

92-
The `compliant01.py` code is using a `config.ini` file that is created by the deployment represented by `TestSimulateDeployingFrontEnd` and provided to the deployed front_end method representing the component we deploy. Using configuration files such as `ini`, `yaml` or `json` allows a language independent solution (`bash` vs `python`). The deployment, represented by `TestSimulateDeployingFrontEnd`, steering these files also secures them by making them read only to a single user via `self.config_file_path.chmod(0o400)`.
92+
The `compliant01.py` code is using a `config.ini` file to decouple connection information. The deployment represented by `TestSimulateDeployingFrontEnd` is now in full control of proving connectivity information to the `front-end` and `back-end`. Using configuration files, such as `ini`, `yaml` or `json`, allows a language independent solution (`bash` vs `python`). The deployment, represented by `TestSimulateDeployingFrontEnd`, steering these files also secures them by making them read only to a single user via `self.config_file_path.chmod(0o400)`. The password based identity verfication is replaced with a certificate based solution.
9393

9494
*[compliant01.py](compliant01.py):*
9595

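Review bot: in the rewritten line 92, "in full control of proving connectivity information" should read "providing connection information", and "verfication" should be "verification". More substantively, the closing sentence "The password based identity verfication is replaced with a certificate based solution." introduces a second change (certificates instead of passwords) that nothing else in this hunk or in the table above it explains; either name the part of `compliant01.py` that does this or move the sentence to wherever the document covers certificate-based authentication, so it does not stand as an unsupported claim next to the `chmod(0o400)` discussion. Minor: the prose now uses `front-end` and `back-end` while the removed line referred to the `front_end` method; pick one spelling for the component in prose and keep backticks only for the actual code identifier.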