I am working on a Python WebSocket server. I initiate it by running the python server.py command in Terminal. After this, the server runs fine and actually pretty well for what I'm using it for. The server runs on port 8000.
My question is, if I keep the server.py file outside of my localhost directory or any sub-directory, can the Python file be read and the code viewed by anyone else?
Thanks.
It is hard to give a definite yes or no answer, because there are a million ways in which your server may expose the .py file. The crucial point is though, that your server needs to actively expose the file to the outside world. A computer with no network-enabled services running does not expose anything on the network, period. Only physical access to the computer would allow you access to the file.
From this absolute point, it's a slow erosion of security with every additional service that offers a network component. Your Python server itself (presumably) doesn't expose its own source code; it only offers the services it's programmed to offer. However, you may have other servers running on the machine which actively do offer the file for download, or perhaps can be tricked into doing so. That's where an absolute "No" is hard to give, because one would need to run a full audit of your machine to be able to give a definitive answer.
Suffice it to say that a properly configured server without gaping security holes will not enable users to download the underlying source code through the network.
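How a file-serving service can be "tricked" into handing out a file outside its directory, and the check that prevents it, as an added example (not code from the original answer). The function names and the temporary directory layout are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_inside(docroot: str, url_path: str):
    """Map a request path to a file, or return None if it escapes docroot."""
    root = os.path.realpath(docroot)
    # Decode %2e%2e and friends first, then resolve ".." and symlinks,
    # and only then compare against the document root.
    target = os.path.realpath(os.path.join(root, unquote(url_path).lstrip("/")))
    if os.path.commonpath([root, target]) != root:
        return None  # traversal, or a symlink that points outside docroot
    return target


def demo():
    """Constructed layout: server.py sits next to, not inside, the docroot."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "www")
        os.mkdir(docroot)
        open(os.path.join(docroot, "index.html"), "w").close()
        open(os.path.join(base, "server.py"), "w").close()
        # A careless symlink inside the docroot that leads back out of it.
        os.symlink(base, os.path.join(docroot, "up"))
        requests = ["/index.html", "/../server.py",
                    "/%2e%2e/server.py", "/up/server.py"]
        # True means the request would be served, False means refused.
        return {r: resolve_inside(docroot, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request:22} served={served}")
```

Only the file that really lives under the document root is served; the three requests that reach for server.py are refused.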
thanks in advance
I have an nginx server on which I am running a Python Tornado application server. My Tornado server contains API endpoints (Handler), Models (DB table models) and the code for their respective services. We are using it as a backend service for an app that sells goods. Recently, we have implemented a complaint feature that lets you upload an image for the products.
I have to write code in Python to convert a base64 image into an actual jpg/png (which is done), and then upload it to a different Windows server (I'm stuck on the uploading part). I have been researching it and found a few ways, like
FTP
by RemoteDesktopConnection (it is clearly not for me)
and a few more.
If there is any better way to do this, please tell me. I am not really experienced, so please explain your answers in a bit of detail. Thank you for your time.
Previously I was storing it on my application server, which is clearly not a good thing to do, and I was not able to expose the URL for images either.
If it just needs to be a file in a directory on the other Windows server, one could turn on file sharing for the specific directory on the other Windows server and then SMB-mount that directory onto your application server. Then your Python code could simply write a file to that directory.
A fairly good guide for doing this can be found here
Note that in a final production environment you want to be sure that the security is set appropriately (which is beyond the scope of this question).
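The write step described in this answer, with the checks an upload endpoint needs before anything lands on the share, as an added example (not code from the original answer). `store_image`, the size limit and the `share_dir` argument (the path where the Windows share is mounted) are assumptions.

```python
import base64
import binascii
import os
import uuid

# Leading "magic" bytes of the two formats the question mentions.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}
MAX_BYTES = 5 * 1024 * 1024  # assumed upload limit


def store_image(b64_data: str, share_dir: str) -> str:
    """Decode, validate and write an uploaded image; return the stored name."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(b64_data, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base64") from exc
    if len(raw) > MAX_BYTES:
        raise ValueError("image too large")
    # Decide the type from the content, never from a client-supplied name.
    ext = next((e for magic, e in MAGIC.items() if raw.startswith(magic)), None)
    if ext is None:
        raise ValueError("not a JPEG or PNG")
    # Server-generated name: nothing from the client reaches the path.
    name = uuid.uuid4().hex + ext
    # Mode "xb" refuses to overwrite an existing file.
    with open(os.path.join(share_dir, name), "xb") as fh:
        fh.write(raw)
    return name
```

The returned name is what the application stores in its database and later uses to build the image URL.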
With this question I would like to gain some insights/verify that I'm on the right track with my thinking.
The request is as follows: I would like to create a database on a server. This database should be updated periodically by adding information that is present in a certain folder, on a different computer. Both the server and the computer will be within the same network (I may be running into some firewall issues).
So the method I am thinking of using is as follows. Create a tunnel between the two systems. I will run a script that periodically (hourly or daily) searches through the specified directory, convert the files to data and add it to the database. I am planning to use python, which I am fairly familiar with.
Note: I don't think I will be able to install python on the pc with the files.
Is this at all doable? Is my approach solid? Please let me know if additional information is required.
Create a tunnel between the two systems.
If you mean set up the firewall between the two machines to allow connection, then yeah. Just open the postgresql port. Check postgresql.conf for the port number in case it isn't the default. Also put the correct permissions in pg_hba.conf so the computer's IP can connect to it.
I will run a script that periodically (hourly or daily) searches through the specified directory, convert the files to data and add it to the database. I am planning to use python, which I am fairly familiar with.
Yeah, that's pretty standard. No problem.
Note: I don't think I will be able to install python on the pc with the files.
On Windows you can install anaconda for all users or just the current user. The latter doesn't require admin privileges, so that may help.
If you can't install python, then you can use some python tools to turn your python program into an executable that contains all the libraries, so you just have to drop that into a folder on the computer and execute it.
If you absolutely cannot install anything or execute any program, then you'll have to create a scheduled task to copy the data to a computer that has python over the network, and run the python script there, but that's extra complication.
If the source computer is automatically backed up to a server, you can also use the backup as a data source, but there will be a delay depending on how often it runs.
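A check for the pg_hba.conf step mentioned in this answer: it flags host rules that admit more than the one computer that needs to connect. This is an added example, not code from the original answer; the sample file, database and user names, and addresses are constructed.

```python
import ipaddress

# Constructed sample; the addresses are documentation-range placeholders.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   peer
host    filesdb   loader    192.0.2.15/32    scram-sha-256
host    all       all       0.0.0.0/0        md5
host    filesdb   loader    192.0.2.0/24     trust
"""


def audit_pg_hba(text: str, max_hosts: int = 1):
    """Return (line_no, reason) for host rules that are broader than needed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blank lines and local-socket rules
        # Assumes the CIDR form; the separate IP + netmask form is not parsed.
        database, user, address, method = fields[1:5]
        if method == "trust":
            findings.append((no, "trust: no password required"))
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            continue  # hostname or keyword address; not checked here
        if net.num_addresses > max_hosts:
            findings.append((no, f"{address} admits {net.num_addresses} addresses"))
        if database == "all" or user == "all":
            findings.append((no, "rule applies to all databases or users"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line_no}: {reason}")
```

The single-host rule on line 3 of the sample passes; lines 4 and 5 are reported.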
I am building a python script which needs to run infinitely on a server. It will access a Microsoft Exchange server and read mails, process them and trigger automated voice calls.
I have successfully implemented the automated call action. Presently the script runs on my PC. I have three questions.
For running the script on a server instead of a PC, does the syntax of the code, other than connecting to the server, need to change? I mean, the parts where I'm reading mails and triggering calls, do they need to be changed? Or can the same script run on a server? If it does need to change, can somebody please attach what changes need to be made.
Since I need to run the script on a server, and access a Microsoft Exchange server, can the script be run on the Exchange server itself? If yes, please attach helpful resources.
The script does not take any input as such, but it accesses a couple of files that need to be edited manually from time to time. How should I achieve that?
The distinction between PC and Server doesn't matter. Your script will require a set of resources and may make assumptions about the OS it's running on. Those are the things that matter. As long as the required resources are there, it should run fine. For example, if your script requires Python 3.6+ to run, then you must have Python 3.6+ installed on either the Server/PC. If you are using a particular python package, then it should be installed. If you make assumptions about where files are located on disk, those paths either need to be OS independent, or match the OS of the Server/PC, and those files need to be there. But the syntax of the python shouldn't change.
If your goal is to run the python server as a service on the server, then more information about what type of server (windows/linux) is required. Assuming you are considering running it on an exchange server, I suppose it's most likely you'll want to run on Windows. This has been asked and answered here. In relation to your code, you will want to make sure your script can be handled as a library, and you won't want to call sys.exit inside your code, but should rely on exceptions to pass up errors. My preferred pattern is something like
```python
import sys

def main(argv=None):
    # parse arguments if you have them and run the script
    argv = sys.argv[1:] if argv is None else argv

if __name__ == '__main__':
    main()
```
Then in your service you can import and call main(...) without running another executable.
See #1. Whether it can run on that server depends on whether all of the required resources and files are available there. There is possibly a question of whether you would WANT to run the script on your Exchange server. That answer depends on the load the script takes, how busy/active your server is, whether you want the extra software installed on your server, etc.
Your best solution here will depend on your situation. If you can login and edit the files, then maybe that's what you do. If you want to edit them on your PC and then push them up, then there are solutions for that. All depends on what makes sense for your project/situation.
I've been wanting to run my own server for a while and I figured that running one for my django website would be a good start. What do you recommend I use for this? I've been trying to use an Ubuntu Virtual Machine to run it on one of my old laptops that I don't really use anymore until I can buy a dedicated server.
Should I run it from a Virtual Machine? If so, would Ubuntu be best? That appears to be the case, but I want to be sure before I invest in anything. I want to be able to access the website from other computers, just like any other website. Am I going about this wrong? If so, what can you suggest?
Yes, you will need a static IP address.
If this is your first experiment, my advice would be:
1) Use an old, dedicated PC with no other stuff on it. Unless you do it just right, you should presume hackers could get anything on the disk...
2) Why make life complex with layer after layer of software? Install Ubuntu and run a standard server under a Unix OS
3) Be very careful about the rest of your attached network. Even if the PC is dedicated, unless you properly managed port forwarding, etc., ALL of your computers could be susceptible to attack.
An old friend of mine discovered, back in the Napster peer-to-peer days, that he could basically go and read EVERYTHING on the hard drives of most people who had set up Napster on their computer.
It really depends on your requirements. Will you be accessing the website externally (making it public) or locally? Running Django from your laptop can work but if you are planning to make it public, you will need an external IP to point your domain to. Unless you have a business account, ISPs usually don't give static IPs to individual customers. Ubuntu would be a wise choice and you can run conda or virtualenv easily.
VPS are quite cheap these days. You can look into AWS free tier that provides you with 500 hours/month on a micro server.
If you are planning to access your website internally then you don't need anything other than your laptop or perhaps raspberry pi. If you are trying to make it available for everyone on the external network, VPS would be the best bet.
Currently, and this changes often, I like to either set up a local development environment using virtualenv (to install dependencies) and Ngrok (to expose machine to an external address) or C9.io. If you want further info about setup, I'm happy to provide.
As already stated, Ubuntu is a good choice but there is also Debian. I use Debian because I started off working with a colleague who was already using it and I find it very good. I began with an old, disused desktop PC which I nuked and turned into a proper Linux server. For development I didn't need a very high spec machine. (Think it has 1 GB ram) I have it set up in my flat and my domestic internet connection is fine for most of my needs. Note: It isn't necessary to have a static IP address for development, although it is preferable if you already have one. As an alternative you can use a service such as dyndns.org where you can set up virtual domain names that point to your domestic dynamic IP address. Most routers these days have facilities within them for updating services like dyndns.org with your new dynamic IP address or you can install a plug-in to your server that will do this for you. All my projects have their own virtualenvs and I have VNCServer installed so I can access my server and work from anywhere where I have an internet connection. I've been running this way for the past three years with some household name clients and haven't had any issues at all.
When it comes to production you can simply use any of the many VPS services that are out there. Amazon has already been mentioned. Someone recommended creating a droplet at DigitalOcean.com as I was wanting to host Django applications and I find them to be very good and cost effective. Anyway, just my 2 cents' worth... hope it helps.
Here is the problem: I have several Python packages with unit tests that require access to different online services in order to run, like connecting to a postgresql database or an LDAP/AD server.
In many cases these are not going to execute successfully because local network is fire-walled, allowing only basic outgoing traffic on ports like 22, 80, 443, 8080 and 8443.
I know that the first thing coming into your mind is: build a VPN. This is not the solution I am looking for, and that's due to two important issues: it will affect other software running on the same machine, probably breaking it.
Another solution I had in mind was SSH port forwarding, which I successfully used, but this is also very hard to configure and, worse, it requires me to re-configure the addresses the Python script is trying to connect to, and I do not want to go this way.
I am looking for a solution that could work like this:
detect if there is a firewall preventing your access
set up the bypassing strategy (proxy?)
run the script
restore settings.
Is there a way to set this up in a transparent way, one that would not require me to make changes to the executed script/app?
Is it possible to have the script itself run through these steps? By this I mean have the setup phase of your unit tests probe for a firewall, and if detected dynamically set up a proxy somehow, use it to run unit tests, then when done tear down the proxy. That seems like it would achieve the transparency you're aiming for.
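The probing step of this suggestion, as an added example (not code from the original post): the test setup checks whether each required service answers on its TCP port and skips the test class when the network blocks it. The host names, ports and class name are assumptions; the proxy setup and teardown are not covered.

```python
import socket
import unittest

# Assumed service endpoints for illustration; replace with the real ones.
REQUIRED = {
    "postgresql": ("db.example.internal", 5432),
    "ldap": ("ldap.example.internal", 389),
}


def reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused connections, timeouts and failed name lookups.
        return False


def blocked_services(required, timeout=2.0):
    """Names of the required services that cannot be reached from here."""
    return sorted(name for name, (host, port) in required.items()
                  if not reachable(host, port, timeout))


class OnlineTestCase(unittest.TestCase):
    """Base class for tests that need the services listed in `required`."""
    required = REQUIRED

    @classmethod
    def setUpClass(cls):
        blocked = blocked_services(cls.required)
        if blocked:
            # Report a skip with the reason instead of a wall of
            # connection errors from every individual test.
            raise unittest.SkipTest(
                "unreachable from this network: " + ", ".join(blocked))
```

Test classes that inherit from `OnlineTestCase` need no changes to the addresses they connect to.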