Posted: Sat Feb 09, 2013 2:10 am Post subject: Re: RE:What is the best way for a web server to run command line scripts?
Tony @ Fri Feb 08, 2013 1:08 pm wrote:
Flask is also a good web framework for Python.
Flask is much smaller and flexible. Combine it with sh and you have yourself a winner.
Posted: Sun Feb 10, 2013 2:51 am Post subject: RE:What is the best way for a web server to run command line scripts?
Old guy interrupting;
Go team Pocoo (Flask).
Old guy bragging;
Had a pull request accepted into Pygments, so I get to pretend to be a contributor to team Pocoo. Go Georg.
Posted: Mon Feb 11, 2013 11:03 am Post subject: RE:What is the best way for a web server to run command line scripts?
You have to be rather careful when having a web application execute commands that the user has some control over or you can run in to security issues rather fast.
If your web server is running as root, this could give them total access to the server. I highly recommend ensuring that your web server is chrooted or not running as root and you take care to escape any input coming from the user.
If you are allowing users to upload code to be complied and then executing that code, I highly recommend to take steps to ensure they can't cause any damage. chrooting or running the code in a VM might be a good option but you might also want to consider separating the front end web application from the backend that complies and runs the program.
Computer Science CanadaHelp with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!