
Isn't it dangerous to run a Flask app in debug mode on 0.0.0.0?

Configure Flask dev server to be visible across the network

Meaning it runs on my PC's IP address, visible to the entire internet, and arbitrary Python code can be run via my Flask app?

The direct answer is: yes, it is unsafe. But then again, so is driving a car or eating at a new restaurant with bad reviews.

The point is evaluating the risk. Things to consider:

  1. Are you launching this on a home network? In which case, your router almost certainly comes with its own firewall (and I only don't make the assertion because I can't possibly cover every single case). The server will not be accessible outside of the home network. Maybe there's a malicious housemate harbouring resentment and waiting to pounce?
  2. Are you launching on an intranet? This would be accessible to everyone on the network. The vast majority of people won't be scanning the network for open ports, but you can't rule it out. Low risk, but it could happen that someone finds it.
  3. Are you running this on a server with a dedicated IP (not an internal IP like 10.0.0.x or 192.168.x.x)? Is the particular port you're running on open to the wider internet, e.g. no firewall or special rules for that port? In which case, expect to get requests.
  4. Can someone landing on the site actually do something malicious? The whole point of having a web server is for other people to access it. If discovering your app is enough to be a real concern then it's just broken and you should be testing your fears on localhost.
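As an added example (not part of the question or answer above), a small helper that keeps Flask's reloader for development but never exposes the Werkzeug interactive debugger when the server is bound to anything other than a loopback address. `use_debugger` and `use_evalex` are existing Werkzeug `run_simple` options that Flask's `app.run` forwards; the route and host values are constructed for illustration.

```python
"""Decide how a Flask dev server may be started, so the Werkzeug debugger
(and its in-browser Python console) is never reachable beyond loopback."""
import ipaddress


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostnames other than 'localhost' are treated as remote
        return False


def run_options(host: str, debug: bool) -> dict:
    """Return keyword arguments for Flask's app.run().

    With debug=True Flask would also turn on the Werkzeug debugger, which lets
    anyone who reaches an error page run Python inside the process.  Keep the
    reloader and tracebacks, but switch the debugger and its console off unless
    the server binds to a loopback address only.
    """
    opts = {"host": host, "debug": debug}
    if debug and not is_loopback(host):
        opts["use_debugger"] = False  # no interactive traceback page
        opts["use_evalex"] = False    # no code console in any case
    return opts


if __name__ == "__main__":
    from flask import Flask  # assumed installed; only needed to run the server

    app = Flask(__name__)

    @app.route("/")
    def index():
        return "ok"

    # Weak setting from the question: app.run(host="0.0.0.0", debug=True)
    # exposes the debugger to the whole network.  Hardened equivalent:
    app.run(**run_options(host="0.0.0.0", debug=True))
```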

粤ICP备18138465号  © 2020-2024 STACKOOM.COM