{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ら.Afraid 的问题《python, flask, web app security [closed]》','https://www.manongdao.com/q-1304915.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
when deploying on flask I want to edit the sqlite database from the web app and I ran in to chmod permission problems so I just made the entire directory accessible to users other than root, but is this secure, probably I should create a separate group for the www access and root access and only allow that group of root and www to access the folder, but is it a security vulnerability if I simply make the folder that I deploy to with flask and apache chmod777, no one could access that anyways right through apache so it wouldn't make my web app vulnerable to attack right? thx -
相关问题
- how to define constructor for Python's new Nam
- streaming md5sum of contents of a large remote tar
- How to get the background from multiple images by
- Evil ctypes hack in python
- Correctly parse PDF paragraphs with Python
No, this is definitely not secure. Now everyone has access to your database.
You need to do the following, but this should already be taken care of by the package manager for your distribution:
Your code should be in a separate directory, only accessible by your own user and NOT accessible by the web server process.
Under no circumstances, should you EVER do any of the following:
777for any directory that is used in your web application