Security issue: Python app crashed and project base code is being shown to the public
Hi,
I have a Python app that is running on an add-on domain, but somehow the Python app was killed and my project files are being exposed to the public,
including the credentials of the project database.
As a quick fix, I added an index.html to the project folder to prevent the server from showing my project files.
1. Q. Is there another way to prevent the server from showing the project files if the Python app has been stopped by the user or by some error?
2. Can you add a warning to
Hey there! As mentioned on that page, our support for the Python tools is *extremely* limited, as we don't offer any technical support for those tools. My only recommendation would be to set up the test application as outlined on the page and see if you can reproduce the odd behavior with the code being shown to the public. If that's the case with that, and you can provide me with reproduction steps on how you achieved that, I can get a warning added. But in general, we're pretty hands-off with those tools.
1. Create the Python app (Python 3.9.12, because Python 3.10 is not supported yet by CloudLinux and LiteSpeed):
   Application root = django_test
   Application URL = django_test.domain.ltd
   Application startup file = passenger_wsgi.py
   Application Entry point = application
2. In the terminal:
   $ source /home/user/virtualenv/django_test/3.9/bin/activate && cd /home/user/django_test
   $ pip install django
   $ django-admin startproject myapp ~/django_test
3. Edit django_test/passenger_wsgi.py: delete everything and keep this line:
   from myapp.wsgi import application
4. Edit the myapp/settings.py file. Search for allowed_hosts and change it to:
   ALLOWED_HOSTS = ['*']
5. Point the subdomain or the add-on domain to the same "/django_test" # my error!
6. Restart the app.

Now if you stop the Python app, then the subdomain will take control and show the code to the world.
Of course, pointing the "Application root" and the subdomain "Document Root" to the same folder, in our case (/django_test), is 100% user error.
P.S.: If you like, I can PM you the link to my test subdomain so you can see the error yourself.
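
A check for the layout mistake described in this thread, as an added example that is not part of any poster's message and is not cPanel's code: it flags a Document Root that equals or contains the Application root, and lists project files the web server could hand out as static files while the app is stopped. The `SENSITIVE` list, the function names and the sample directory tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Assumed list of file names that must never be reachable from a document root.
SENSITIVE = {"settings.py", "passenger_wsgi.py", "manage.py", ".env", "db.sqlite3"}

def overlap(app_root, doc_root):
    """Classify how the Application root relates to a domain's Document Root."""
    app, doc = Path(app_root).resolve(), Path(doc_root).resolve()
    if app == doc:
        return "same"                  # the layout from the thread
    if doc in app.parents:
        return "app-inside-docroot"    # source reachable under a sub-URL
    if app in doc.parents:
        return "docroot-inside-app"    # fine if only static files live there
    return "separate"

def servable_sensitive_files(doc_root):
    """Sensitive files a web server would serve statically from doc_root
    whenever no application is answering for that directory."""
    root = Path(doc_root).resolve()
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name in SENSITIVE)

def audit(app_root, doc_roots):
    """Return {doc_root: (relation, exposed_files)} for every risky doc root."""
    report = {}
    for doc in doc_roots:
        relation = overlap(app_root, doc)
        exposed = servable_sensitive_files(doc)
        if relation in ("same", "app-inside-docroot") or exposed:
            report[str(doc)] = (relation, exposed)
    return report

def build_sample_layout():
    """Constructed sample: a Django project tree plus a separate static docroot."""
    base = Path(tempfile.mkdtemp())
    app = base / "django_test"
    (app / "myapp").mkdir(parents=True)
    for name in ("passenger_wsgi.py", "manage.py", "myapp/settings.py"):
        (app / name).write_text("# constructed sample\n")
    (base / "public_html").mkdir()
    (base / "public_html" / "index.html").write_text("<h1>ok</h1>\n")
    return base

if __name__ == "__main__":
    base = build_sample_layout()
    app = base / "django_test"
    for doc, (relation, files) in audit(app, [app, base / "public_html"]).items():
        print(f"{doc}: {relation}; servable: {', '.join(files)}")
```

Run against real paths, `audit("/home/user/django_test", [...document roots...])` returns an empty dict only when no document root overlaps the application root and none contains a file named in `SENSITIVE`.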