I have programmed in python a web application using flask. I decided to deploy it from my home with a raspberry pi which runs the code continuously. I would like it to be accessible from a web browser and for that I have thought to configure my router to redirect the requests to my server. I also took care to configure my firewall accordingly. It turns out that the application works well and is perfectly accessible by typing its public IP in my URL bar. The problem is that I can't access it using a domain name. I have rented a new one and I have configured the DNS records so that it points to my server. I tested the DNS servers and it seems that the pointing is effective. However, when I enter the domain name I don't get my web application but the page of hostinger, the hosting company where I rented the domain name. I have contacted the technical department and they assure me that the problem is not in the DNS but in the hosting, so in my python code. This leaves me perplexed because my web application is accessible from its public IP. So the code should be good.
Please do not hesitate to ask me for additional details, either on the level of my python program or on the level of my server.
Thanks in advance for your help
Every Google search result on the question of "how to deploy a dash app" is about how to set up a Dash server and expose it to the web through a port or your webpage's registered global DNS address.
In my case I can't do port forwarding as it is not allowed by the sysadmin, and I do not have a machine with sufficient resources to deploy my app.
However, gradio and streamlit, which create a link that points to the local server, worked like a charm.
How can I do the same with dash, which basically means:
I start a server in the local machine
A URL accessible by anyone becomes available, which I can copy and share (limited time is also OK)
Do this in a secure way (no code injection vulnerabilities etc)
Do you have anything to propose?
I created a Python Dash Dashboard to interactively display sensitive customer data. I am using the Dashboard via localhost on my laptop.
I am initializing and running the app as such:

    import dash

    app = dash.Dash(__name__)

    if __name__ == "__main__":
        app.run_server(debug=True)

Could the data of the dashboard somehow be accessed by others or is it only accessible from my machine?
Dash is a Python framework built on top of Flask, Plotly.js, React, and React Js.
As per the official Flask documentation the development server on localhost cannot be accessed from outside the host machine unless explicitly configured to do so.
The simplest of Dash apps typically consist of one Python file and have this boilerplate code at the end:

    if __name__ == '__main__':
        app.run_server(debug=True)

This boilerplate can be modified to allow other devices on the network to access a locally hosted development server by adding the host parameter as follows:

    if __name__ == '__main__':
        app.run_server(debug=True, host='0.0.0.0')

I created a demo Dash Dashboard on my machine to test this.
At first I made no changes to my PC's firewall configuration and was unable to access the webpage from another computer.
Normally when a new application attempts to expose a port on Windows, you would get a Security Alert (assuming you're using the standard firewall, but other firewalls behave in much the same way):
Assuming that you have not configured the firewall, and you are running the app using the Flask development server and not a production WSGI server, and you haven't touched the config of the Flask dev server you'll be ok.
I was only able to access the app using the dev server once I had made that change to the host parameter. Otherwise accessing the dash webpage will not be possible.
EDIT:
Following what Matt said in his answer --
The asker of the question is using dash in a meeting to present results.
Assuming that you are only running the dashboard for the duration of the meeting, and your device is not actively under attack, and you are in control of the device at all times, generally, you should be ok. If you're worried about being attacked from a local network, don't connect to any networks.
If the data you are dealing with is unbelievably sensitive then it would be sensible to only take the aggregated data with you that you'd need to run the dashboard, if possible.
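The difference between the two `host` values described in this answer can be checked from the machine itself. The following is an added example, not code from the answer: it opens a throwaway listener in place of the dev server and reports which local addresses can reach it. The function names are hypothetical, and it assumes IPv4.

```python
import socket

def lan_address():
    """Best-effort primary non-loopback IPv4 address of this host, or None.
    connect() on a UDP socket only picks a route; no packet is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect(("192.0.2.1", 9))  # TEST-NET-1, a documentation-only address
            return s.getsockname()[0]
        except OSError:
            return None

def can_connect(addr, port, timeout=1.0):
    """True if a TCP connection to addr:port is accepted."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_bind(bind_host, probe_addrs):
    """Open a throwaway listener bound to bind_host (standing in for the
    dev server) and report which of probe_addrs can reach it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((bind_host, 0))  # port 0: let the OS pick a free port
        srv.listen(8)
        port = srv.getsockname()[1]
        return {addr: can_connect(addr, port) for addr in probe_addrs}

if __name__ == "__main__":
    lan = lan_address()
    targets = ["127.0.0.1"] + ([lan] if lan else [])
    for host in ("127.0.0.1", "0.0.0.0"):  # Flask's default vs. the modified host
        print(f"bound to {host}: {probe_bind(host, targets)}")
```

With the real dashboard running on its default binding, `can_connect(lan_address(), 8050)` should return False; a True result means the port is listening on more than the loopback interface.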
It depends on what your definition of "secure" is. If it's "can someone just point their browser at my IP and access it" then likely yes, it is secure; but it is not secure from other attacks.
Have you ever wondered how you can "login with google" to other websites and see your Google avatar? That's because a website can often make requests to Google to ask for information. Google often needs to explicitly say "no, your browser cannot make requests to google.com while visiting attacker.com, but https://stackoverflow.com/ can".
Same for flask or dash and it's actually a feature and why you can "embed" dash in your enterprise website.
Now what if I create a website that, when you load a page, loads http://localhost:8050/ via JavaScript and sends the data to me, if you visit this website? I can likely exfiltrate your data.
Would you visit such a site on purpose? Likely no. Do you trust all the websites you visit online, and have you never misclicked on a streaming site showing you DMCA-protected content? Probably less certain.
So if you have really sensitive data, no, Dash is not secure; not enough by itself.
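One mitigation for the scenario in this answer is to have the local server refuse any request that was not addressed to it by its loopback name or that a browser marks as coming from another site. The following is an added example, not code from the answer or from Dash: `LocalOnlyGuard`, `demo_app` and `status_for` are hypothetical names, and the host list assumes the port 8050 used above.

```python
from urllib.parse import urlsplit

# Assumption: the dashboard is served on port 8050, as in the answer above.
ALLOWED_HOSTS = {"localhost:8050", "127.0.0.1:8050"}

class LocalOnlyGuard:
    """WSGI middleware that only serves requests addressed to, and issued
    by, the local dashboard itself."""

    def __init__(self, app, allowed_hosts=ALLOWED_HOSTS):
        self.app = app
        self.allowed = {h.lower() for h in allowed_hosts}

    def __call__(self, environ, start_response):
        reason = self.violation(environ)
        if reason is None:
            return self.app(environ, start_response)
        body = reason.encode()
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]

    def violation(self, environ):
        # A page reaching this port under another name (DNS rebinding)
        # still sends that other name in the Host header.
        if environ.get("HTTP_HOST", "").lower() not in self.allowed:
            return "unexpected Host header"
        # Browsers send Origin on cross-origin fetch()/XHR requests.
        origin = environ.get("HTTP_ORIGIN")
        if origin is not None and urlsplit(origin).netloc.lower() not in self.allowed:
            return "cross-origin request"
        # Fetch Metadata header: "none" is a typed URL or bookmark; the
        # header is absent on older browsers and non-browser clients.
        if environ.get("HTTP_SEC_FETCH_SITE") not in (None, "same-origin", "none"):
            return "cross-site request"
        return None

def demo_app(environ, start_response):
    # Constructed stand-in for the dashboard's WSGI application.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"dashboard data"]

def status_for(app, **headers):
    """Call a WSGI app with constructed request headers; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    environ.update({"HTTP_" + k.upper(): v for k, v in headers.items()})
    seen = []
    app(environ, lambda status, response_headers: seen.append(status))
    return seen[0]
```

In a Dash app the guard wraps the underlying Flask application before the server starts: `app.server.wsgi_app = LocalOnlyGuard(app.server.wsgi_app)`.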
"Is a locally run python dash application secure for sensitive data?"
To a great extent the best answer is based upon your operating system.
If you are using any Microsoft Windows operating system beyond XP Pro (32 bit) with sp2, or XP Pro (64 bit) with sp1, or Windows 7 (32 or 64) with sp0, then NO.
I expect this to be down-voted. But, the truth is the truth and if you do not like it, then it is still the truth.
I wrote a python application and it works fine on my private network.
The application uses the requests package and is constantly fetching data from Yahoo.finance.
However, when my computer is connected to my work network (either through VPN or where I am actually #work), the application is not working.
Is there a way to make it work?
Asaf
Look into the firewall settings, or the company list of blocked URLs.
It could be that your work has blocked the Yahoo.finance domain or specific applications from having outbound traffic as well.
You might also have success with privilege escalation to admin user which could grant you wider access.
Check if you can ping Yahoo.finance from a terminal or simply open it manually from a few different browsers (Edge, Chrome, Firefox etc.).
Then try to see if you can fetch any URL from inside your Python application with the requests module, just to troubleshoot.
I would like to write a little Django web app to be run in my local WLAN, to allow my customers to browse through the offers that I have made available.
The WLAN is not password protected and isolated from web.
Ideally, I would like that when a user connects to my WLAN with a smartphone or tablet, he or she is jumped directly to the offer webserver, without entering any address or URL.
Is there any combination of port forwarding/triggering on the WLAN router and the webserver that can accomplish this task?
I think that for this purpose you need OpenWrt or similar firmware for your router, or as a second solution you can make one of your computers an internet gateway, so the router will get internet from this gateway, and on the gateway there should be an app/config/etc. which redirects the user to your app when the user first opens any page.
I need to figure out which IP address my application is actually connecting to when it makes a urlfetch to a provided domain. My application on the production server is having problems connecting to a domain but connecting works perfectly fine using the SDK on my computer. I am trying to debug this problem and it occurred to me that Google App Engine may be resolving the domain to a different IP address than my local computer is.
If I had access to the socket library this would be as simple as socket.gethostbyname('thedomainiwant.com') but unfortunately Google does not allow the socket library on App Engine.
Any ideas?
If there is a solution that requires Java or Go on App Engine I am willing to try that too.
Update June 26, 2011:
I changed the production code to use the IP directly right away just to get this working (and it did) but this is not a good long term solution as I don't control the server I am making urlfetches to so the IP may change on me without warning.
Returned headers would not be helpful in this case because whatever IP address the production instance is resolving the domain to is not responding at all and the request times out.
If the server I am doing urlfetches to was blocking App Engine then doing an urlfetch by IP would not work either...but it does work. Also, I talked to the team managing the server and they confirmed they are not blocking App Engine. I am still pestering them for more info but it does not seem to be a problem on that end.
Update July 7, 2011:
Google has confirmed that there was a problem on their end that affected my application. They have applied a work around and are working on a fix. See here:
http://code.google.com/p/googleappengine/issues/detail?id=5244
There's currently no way to do name resolution on App Engine. You'll have to call an external service over HTTP if you want to do that.
Take a look at the response headers, you might get a HOST header back with exactly this info.
Otherwise, why not just use the raw IP's for your connections while you're diagnosing this?
You can use web services that perform DNS lookup. You can embed the address in the URL, like this:
http://www.dnswatch.info/dns/dnslookup?la=en&host=HOST_HERE&type=A&submit=Resolve
(replace the HOST_HERE) and then parse the result. Unfortunately it is HTML, but even a simple regex should do it. You can also try to find some service which allows XML output or so - there are a lot of such services, just type "dnslookup" in Google, someone might have it.