python, flask, web app security [closed]

Submitted by 烈酒焚心 on 2019-12-02 23:29:16

Question


When deploying on Flask I want to edit the SQLite database from the web app, and I ran into chmod permission problems, so I just made the entire directory accessible to users other than root. But is this secure? Probably I should create a separate group for the www access and root access and only allow that group of root and www to access the folder, but is it a security vulnerability if I simply make the folder that I deploy to with Flask and Apache chmod 777? No one could access that anyway through Apache, so it wouldn't make my web app vulnerable to attack, right? Thx


Answer 1:


> I ran into chmod permission problems so I just made the entire directory accessible to users other than root, but is this secure

No, this is definitely not secure. Now everyone has access to your database.

> probably I should create a separate group for the www access and root access and only allow that group of root and www to access the folder

You need to do the following, but this should already be taken care of by the package manager for your distribution:

  1. Create a user that will be used to run the web server.
  2. Launch the webserver as root (you have to do this, since it will listen on ports < 1024), and then switch the process to the user you created in #1.
  3. Make sure any static assets (javascript files, css files, images, stylesheets, etc.) are read only for this user, have read write access for your own user, and all others have read access only.

Your code should be in a separate directory, only accessible by your own user and NOT accessible by the web server process.

Under no circumstances should you EVER do any of the following:

  • Change your permissions to 777 for any directory that is used in your web application.
  • Put your code in the same directory which you use for your static files.


Source: https://stackoverflow.com/questions/25277419/python-flask-web-app-security
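
A check for the two "never do this" items in the answer above, as an added example that is not part of the original answer: it walks a deployment tree and reports every entry writable by "other" (which includes anything set to 777) and any Python source sitting under the static directory. The tree layout, the file names and `CODE_SUFFIXES` are constructed assumptions.

```python
import os
import stat
import tempfile

CODE_SUFFIXES = (".py", ".pyc", ".wsgi")  # assumption: what counts as code


def world_writable(path):
    """Return a finding string if `path` is writable by 'other', else None."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWOTH:
        return None  # symlink mode bits carry no meaning on Linux
    return "world-writable (mode %03o)" % stat.S_IMODE(st.st_mode)


def audit(app_root, static_dir):
    """Return (path, problem) pairs for the two mistakes the answer names."""
    static_prefix = os.path.realpath(static_dir) + os.sep
    findings = []
    for dirpath, _dirs, filenames in os.walk(app_root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            problem = world_writable(path)
            if problem:
                findings.append((path, problem))
            in_static = os.path.realpath(path).startswith(static_prefix)
            if in_static and path.endswith(CODE_SUFFIXES):
                findings.append((path, "code inside static directory"))
    return findings


def demo():
    """Audit a constructed tree that contains both mistakes."""
    with tempfile.TemporaryDirectory(prefix="flaskapp-") as root:
        static = os.path.join(root, "static")
        os.mkdir(static)
        modes = {"app.db": 0o666, "static/site.css": 0o644, "static/views.py": 0o644}
        for rel, mode in modes.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(static, 0o755)
        os.chmod(root, 0o777)  # the chmod 777 from the question
        return audit(root, static)


if __name__ == "__main__":
    for path, problem in demo():
        print(problem, path)
```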
