Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 5 years ago.
I'm not sure how to title this. Heck, this isn't even a python issue because the code is working properly. Let me explain, this might take a while.
So, I've been working on a Discord bot that runs code. Probably one of the worst ideas I had, but I love the potential that it could have (and the wacky outcomes of people trying to break it), and this is what I ended up with.
I know that it's not pretty, but it's mine and I'm quite proud of it. It works and everything! And while I'd love to get people to tell me how the code could be improved and how much my code sucks, that's not exactly the problem I have.
So, this bot lets everyone run any code they want. ANYTHING. And I don't even worry about it. I'm going to be running it on a Raspberry Pi that I zeroed several times, then installed Docker on it. I don't really care about what people could do to it since there won't be any sensitive data. Well, almost. Here's the problem.
So, the last line in my code is this.
bot_client.run(token)
That token is the API bot key from Discord. I don't really want anyone to be able to know it, since they could get their own bots in a server using it. But anyone could write a piece of code that reads the file. I'm quite lost. I'm not sure how I could protect that API key. I've tried a few things, most of them related to Unix permissions and users/groups, but none of them worked because the files that the bot creates will inherit the same user, so I can't put them in different users and call it a day.
Any idea about how I could do this? Just to be clear, this is what I want to avoid.
Well, this is a general application design issue. Currently you have a main script that creates new Python processes to execute the code, and by default the subprocess has full access to your disk and thus to your sources.
IMHO, you should manage at the OS level a way so that the Python interpreter started in the subprocess has no access to the folders of the application source. But that will only come at a cost, because you will have to set up 2 different security roles and a communication channel between them.
The first idea that comes to mind would be an auxiliary daemon process running under a different user having no access at all to the source folder of the application. That daemon would have to start the child Python scripts. You could use a (Unix domain) socket or any other IPC channel to pass the text in one side and the input/error in other side.
I'm sorry that it is just a hint, but I now realize that your question leads to a rather broad problem.
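A sketch of the two-role design from the answer above, added here as an example and not code from the question or the answer: the bot process keeps the token and only sends code text over a Unix domain socket, while a runner started under a separate account executes it with an empty environment. The socket path, the bot directory and the function names are assumptions.

```python
import json, os, socket, subprocess, sys, tempfile

def run_untrusted(code, timeout=5):
    """Run user code in a fresh interpreter: empty environment, scratch cwd, time limit."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            p = subprocess.run([sys.executable, "-I", "-c", code], env={}, cwd=scratch,
                               capture_output=True, text=True, timeout=timeout)
            return {"stdout": p.stdout, "stderr": p.stderr, "rc": p.returncode}
        except subprocess.TimeoutExpired:
            return {"stdout": "", "stderr": "timed out", "rc": -1}

def make_listener(sock_path, bot_dir):
    """Bind the runner's socket, refusing to start if this account can read the bot's files."""
    if os.access(bot_dir, os.R_OK):
        raise PermissionError(f"runner account can read {bot_dir}; fix ownership and modes")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen()
    return srv

def serve(srv, max_requests=None):
    """Runner side: one JSON line in ({"code": ...}), one JSON line out (stdout/stderr/rc)."""
    handled = 0
    while max_requests is None or handled < max_requests:
        conn, _ = srv.accept()
        with conn, conn.makefile("rw") as f:
            code = json.loads(f.readline())["code"]
            f.write(json.dumps(run_untrusted(code)) + "\n")
            f.flush()
        handled += 1

def submit(sock_path, code):
    """Bot side: send only the code text; the token never crosses the socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        with c.makefile("rw") as f:
            f.write(json.dumps({"code": code}) + "\n")
            f.flush()
            return json.loads(f.readline())

if __name__ == "__main__":
    # Hypothetical paths; start this under the unprivileged runner account.
    serve(make_listener("/run/runner/runner.sock", "/opt/bot"))
```

The separation only holds if the bot's source and token file are owned by the bot's account with no read permission for the runner account, which is what the start-up check in `make_listener` verifies.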
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 1 year ago.
For all those who are not familiar with Ren'Py: It's basically Python with some modifications. Since the project is coded in Python, which can easily be edited by anyone, it is not a good idea to include a license validation in the Python files.
An executable starts the game, so I thought about wrapping it with a license validation in an .exe (but I honestly don't know how I can take an executable, put some code around and have one executable including the actual one). Maybe there is another way, which is safer than the one I named, suggestions?
You don't. Ren'Py only features basic encryption to prevent players from accidentally deleting/modifying files.
As security, game encryption isn't a fight worth picking. You have to decrypt the files to run them and that will always be a weak point to exploit. Anything you put on top is just delaying whoever wants in. You can write your game in binary and it will do exactly squat to someone who really wants to take it apart.
Ren'Py is designed to be mod friendly. Nothing you do will stop someone from dropping a rpyc file into the game directory and hooking into the game. Even if you modify the engine to only read specific files, you won't stop someone who can just insert the functionality back in. All you're really doing is making it more difficult to preserve the game after you're dead.
Nintendo can't stop people from extracting assets from their games. You don't stand a chance. You should hope to be so lucky as to have people interested enough in your game to want to mess around with the assets and code.
If you're talking about a license players need or some sort of login mechanism, you need to implement an online server to validate the credentials they input. There is no secure front-end way to validate credentials.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
Sorry for this really vague question but I am just sort of stuck on how to phrase this question so I haven't really been able to find a proper answer just by googling.
Essentially, I have this python script that alters a csv file in a very specific way. Right now it runs fine on my local machine, but I need this to work with the web. Essentially what I want to be possible is for someone to upload their CSV to my site, it would automatically send to my server, my script would see this, manipulate it in the way necessary, and then send it back once it was finished. Does anyone know any methods of doing this that I should look into?
Again, sorry this is so poorly researched sounding but I am just having a lot of trouble properly phrasing it so I haven't been able to find much.
Thanks!
Multiple ways to make it happen.
Use synchronous flow
You would upload the file from the browser, that would be handled by the Flask handler, the handler would process the file and return the updated file in the response. Here you can also use polling to poll the server to see if the processing is done or not using AJAX; along with polling you can use a loader.
Problem: processing large file, slow internet connection
Use asynchronous flow
You would upload the file from the browser, that would be processed later using some Celery task, other background processor or crontabs that would manipulate the file in the background.
Post manipulation of the file, you can either give an option in the user profile to download the file, send an email attachment or provide a download link, etc.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I know this is technically a duplicate question, but I believe it is valid since the original question was submitted 7 years ago and Python/web security has come a long way since then.
I would like to build a web app that allows users to input python code (through the Ace editor package) and then execute it in the browser using a python interpreter on the server. I cannot use pypy.js because I need to use numpy, pandas, and matplotlib. Essentially I would like to make my own Codecademy (I am a teacher and would like to create Codecademy-like courses for my students). Sadly the create-a-course thing Codecademy mentioned at one point has come to nothing.
I'm using Flask, but I could learn Django if that would be easier.
What is the best way to allow my users to run the python code without allowing them to affect the rest of the program or access files outside of what they're allowed to?
There were no fundamental changes in Python or web security in the last 7 years. It is still suicidal to allow users to run code on your server.
However, what did change is the availability of lightweight VM solutions like Docker.
For an example of how this could work, have a look at https://civisanalytics.com/blog/engineering/2014/08/14/Using-Docker-to-Run-Python/. I will not reference this solution here as you will find other examples, even if this one goes away.
However, this might be safer than running user code directly on your server, BUT
the user code is still running on your server. It might not be possible to escape the Docker image, but a malicious user could still upload e.g. a denial of service tool and start an attack from your server. Or sniff your network traffic or whatever.
there are or at least might be ways to break out of the Docker image.
For a controlled environment like a classroom those risks might be acceptable, but for a public server you would need a lot of security know-how to further lock down the server and the Docker image and filter available Python functionality.
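One way to lock down the container side for the risks listed above (network abuse and resource exhaustion), added here as an example and not code from the answer or the linked post. The image name, the limits and the function names are assumptions; the `docker run` flags are standard ones. It does not address container escape, which still needs host hardening.

```python
import subprocess, uuid

IMAGE = "classroom-python:latest"  # hypothetical image with numpy, pandas, matplotlib

def docker_argv(name, image=IMAGE, memory="256m", cpus="0.5", pids=64):
    """Build a `docker run` command for one short-lived, locked-down container."""
    return [
        "docker", "run", "--rm", "-i", "--name", name,
        "--network", "none",                  # no outbound traffic, nothing to sniff
        "--read-only",                        # root filesystem is immutable
        "--tmpfs", "/tmp:rw,size=16m",        # only writable path, held in memory
        "-e", "MPLCONFIGDIR=/tmp",            # matplotlib needs a writable config dir
        "--user", "65534:65534",              # numeric non-root uid:gid
        "--cap-drop", "ALL",                  # drop every Linux capability
        "--security-opt", "no-new-privileges",
        "--memory", memory, "--cpus", cpus, "--pids-limit", str(pids),
        image, "python", "-I", "-",           # the program is read from stdin
    ]

def run_in_container(code, timeout=10):
    """Run one submission; kill the container if it exceeds the time limit."""
    name = f"submission-{uuid.uuid4().hex[:12]}"
    try:
        p = subprocess.run(docker_argv(name), input=code, capture_output=True,
                           text=True, timeout=timeout)
        return p.returncode, p.stdout, p.stderr
    except subprocess.TimeoutExpired:
        # Killing the docker client does not stop the container, so stop it by name.
        subprocess.run(["docker", "kill", name], capture_output=True)
        return -1, "", "timed out"
```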
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have to write something to ping more than 3000 IP addresses every time (nonstop), and I should check if an IP has not responded to ping x times in a row and report it to operators. I do not know what kind of subjects I have to take care of, such as resource checking, threading or processing, using Celery or RabbitMQ (since I do not have any experience working with them), or anything else. I seriously do not have a clue where to start.
I appreciate any idea in advance.
Do you have to reinvent this? There are lots of excellent monitoring apps (including free, open-source ones) already out there, e.g. Nagios, Splunk, Ganglia to name a few.
There are lots of problems you will come into doing it yourself, some ideas that come immediately to mind:
Running out of resources on the monitoring box itself (i.e. it is starved of CPU / network to do all that monitoring). This shouldn't be a problem for those numbers, but at greater scale it would be.
Dealing with multi-threading in your Python app. It's always hard, especially when things go wrong.
Dealing with flapping of these services (possibly less of an issue just for pings).
"Who monitors the monitor?"
Firewalls / routers ditching responses to pings on healthy boxes.
Detecting higher-level issues for that machine (i.e. pings still responding, but everything else useful on that machine is dead, out of disk, etc).
If you do still want to do it yourself, I'd start with a basic doing Queue using a round-robin approach.
You could try scheduling these tasks with Generators (but they can be quite hard to understand / debug), or go straight to multi-threading. As you say, using an AMQP implementation like RabbitMQ would be good to allow persistence (so you can restart your Python program, etc.), but sounds a bit like overkill to start with.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
I need to make a chess multi-player game that works over the internet. I am a beginner to programming and networking alike, although I have managed the GUI based chess platform.
Now I need to overcome the challenge of configuring the game over the internet.
In order to do that, I would like to use a third party application or software (anything but socket programming) to make the Python programs running on two machines talk to each other. What I am hoping to do is, that whenever someone makes a move, I want to send a string/list of the updated coordinates of his/her chess pieces over the internet to the second player, so that he can see what move has been made. Can anyone please tell where to start from or what to read regarding the same? Is the idea of sending the updated string/list of coordinates feasible using an open source chat utility like Telepathy?
You'd want to use the socket module. Example programs. It really isn't so difficult to use socket, basically the server end has to bind(), listen(), then accept() and the client has to simply connect(). From there recv() and sendall() can be used to receive and send data respectively. If you really don't want to use socket, then you could use a chat protocol like IRC or XMPP.
A chat/IM solution seems like a fine idea.
For chat/IM, you could use Jabber/XMPP. You would either need to set up your own server or find someone hosting one for the public. Setting up a Jabber server is fairly easy, you can use OpenFire for example. For connecting to Jabber, you could use python xmpp libraries to send and receive the messages. This might be the simplest approach because the Jabber libraries tend to be very easy to use. (I've done it in Java and .NET, not python, though).
Another approach would be to use something like twitter messaging. See Python Twitter library: which one? for a recommendation for a library which supports direct messaging (which is what you need). The advantage of this, is that once you learn the twitter API, you don't need your own server.
This is a broad, opinionated question but my go-to network communication protocol in Python is Twisted's Perspective Broker. It's event driven, kind of complicated to set up and requires control of the program's event loop but it works great. It allows for two-way communication between the client and server, and has the convenience of remote objects.