Security implications of a pyramid/wsgi os.environ backdoor? - python

In my pyramid app it's useful to be able to log in as any user (for test/debug, not in production). My normal login process is just a simple bcrypt check against the hashed password.
When replicating user-submitted bug reports I found it useful to just clone the sqlite database and run a simple script which would change everyone's password to a fixed string (just for local testing). Now that I'm switching over to postgresql that's less convenient to do, and I'm thinking of installing a backdoor to my login function.
Basically I wish to check os.environ (set from the debug.wsgi file which is loaded by apache through mod_wsgi) for a particular variable 'debug'. If it exists then I will allow login using any password (for any user), bypassing the password check.
What are the security implications of this? As I understand it, the wsgi file is sourced once when apache loads up, so if the production.wsgi file does not set that particular variable, what's the likelihood of an attacker (or incompetent user) spoofing it?

In order to instantiate the server application with that debug feature in the environment, the attacker would have to have the hand over your webserver, most probably with administrative privileges.
From an outside process, an attacker cannot modify the environment of the running server, which is loaded into memory, without at least debug capabilities and a good payload for rewriting memory. It would be easier to just reload the server or try executing a script within it.
I think you are safe the way you go. If you are paranoid, make sure to isolate (delete) the backdoor from the builds to production.
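
One way to keep such a bypass from ever taking effect in production, as an added example that is not part of the original question or answer: the decision is made once at startup and fails closed, and the bypass only applies to loopback clients. The `deployment` argument, the loopback restriction and the PBKDF2 stand-in for the bcrypt check are assumptions of this example.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("auth")
BYPASS_VAR = "debug"              # variable name taken from the question
LOOPBACK = {"127.0.0.1", "::1"}   # assumption: bypass only for local requests


def hash_password(password, salt):
    # PBKDF2 stands in for the bcrypt check so the example needs only the stdlib.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def bypass_allowed(environ, deployment):
    """Decide once at startup; refuse to run production with the bypass set.

    `deployment` is a hypothetical setting (for example read from the
    application's own config), not something mod_wsgi provides.
    """
    if BYPASS_VAR not in environ:
        return False
    if deployment != "development":
        raise RuntimeError("login bypass variable set outside development")
    return True


def check_login(user, password, record, remote_addr, bypass):
    """record is (salt, stored_hash); bypass is the startup decision above."""
    if bypass and remote_addr in LOOPBACK:
        # Every use of the bypass leaves a loud trace in the logs.
        log.warning("DEBUG LOGIN BYPASS used for %r from %s", user, remote_addr)
        return True
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)
```

Call `bypass_allowed(os.environ, ...)` once when the WSGI application is created, so a misconfigured production process stops at startup instead of serving logins without a password check.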

Related

How to run a python script on client side without demanding permissions or requiring special installations?

I have a Windows application built with Progress OpenEdge technology.
I have created a python script to generate an Excel file but I need to deploy it to the client and I'm afraid of requiring special permissions on the client side if I compile it to .exe and attempt to run it.
Can someone suggest a method to be able to integrate python with my project smoothly without breaking anything?
You could compile it on your own machine then try to run it while logged in as a guest user. If a guest account can run it without complaints it will probably run fine on the client machine.
This is crude because you still haven't tested all possible client platforms (unless you're talking about one specific client), also we don't know what's inside your script.
Use icacls to set appropriate permissions of your compiled script before shipping.
I'm not sure about the special permissions thing, but is it possible for you to turn your script into a CGI program and stick it on your webserver, or wrapper it with WebSpeed? Then your app could call a web service to get the .xls file.

Is distributing python source code in Docker secure?

I am about to decide on a programming language for the project.
The requirements are that some customers want to run the application on isolated servers without external internet access.
To do that I need to distribute the application to them and cannot use a SaaS approach running on, for example, my cloud (what I'd prefer to do...).
The problem is that if I decide to use Python for developing this, I would need to provide the customer with easily readable code, which is not really what I'd like to do (of course, I know about all that "do you really need to protect your source code" kind of questions but it's out of scope for now).
One of my colleagues told me about Docker. I can find dozens of answers about Docker container security. The problem is that all of that is about protecting (isolating) the host from code running in the container.
What I need to know is whether the Python source code in the Docker image and running in a Docker container is secured from access - can the user in some way (doesn't need to be easy) access that Python code?
I know I can't protect everything, I know it is possible to decompile/crack everything. I just want to know the answer just to decide whether the way to access my code inside Docker is hard enough that I can take the risk.
Docker images are an open and documented "application packaging" format. There are countless ways to inspect the image contents, including all of the python source code shipped inside of them.
Running applications inside of a container provides isolation from the application escaping the container to access the host. They do not protect you from users on the host inspecting what is occurring inside of the container.
Python programs are distributed as source code. If it can run on a client machine, then the code is readable on that machine. A docker container only contains the application and its libraries, external binaries and files, not a full OS. As the security can only be managed at OS level (or through encryption) and as the OS is under client control, the client can read any file on the docker container, including your Python source.
If you really want to go that way, you should consider providing a full Virtual Machine to your client. In that case, the VM contains a full OS with its account based security (administrative account passwords on the VM can be different from those of the host). It is far from still waters, because it means that the client will be able to set up or adapt networking on the VM among other problems...
And you should be aware that the client security officer could emit a strong NO when it comes to running a non controlled VM on their network. I would never accept it.
Anyway, as the client has full access to the VM, really securing it will be hard if ever possible (disabling booting from an additional device may not even be possible). It is admitted in security that if the attacker has physical access, you have lost.
TL/DR: It is not the expected answer but just don't. If you sell your solution you will have a legal contract with your customer, and that kind of problem should be handled at a legal level, not a technical one. You can try, and I have even given you a hint, but IMHO the risks are higher than the gain.
I know that's been more than 3 years, but... looking for the same kind of solution I think that including compiled python code - not your source code - inside the container would be a challenging trial for someone trying to access your valuable source code.
If you run pyinstaller --onefile yourscript.py you will get a compiled single file that can be run as an executable. I have only tested it in Raspberry, but as far as I know it's the same for, say, Windows.
Of course anything can be reverse engineered, but hopefully it won't be worth the effort to the regular end user.
I think it could be a solution as using a "container" to protect our code from the person we wouldn't let them access. The problem is Docker is not a secure container. As the root of the host machine has the most powerful control of the Docker container, we don't have any method to protect the root from accessing inside of the container.
I just have some ideas about a secure container:
Build a container with an init file like a docker file; a password must be set when the container is created;
Once the container is built, we have to use a password to access inside, including reading\copy\modify files;
All the files stored on the host machine should be encrypted;
No "retrieve password" or “--skip-grant-” mode is offered. That means nobody can access the data inside the container if you lost the password.
If we have a trustable container where we can run tomcat or Django server, code obfuscation will not be necessary.
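
The point made in the answers above, that Python source shipped in an image stays readable to whoever holds the image, can be checked on your own image before release. This added example (not from the original posts) walks a `docker save`-style tarball and reports every .py file found in its layers; the sample image is constructed inline and the function names are hypothetical.

```python
import io
import json
import tarfile


def _add(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_image():
    """Constructed stand-in for `docker save` output: manifest.json plus one layer."""
    layer = io.BytesIO()
    with tarfile.open(fileobj=layer, mode="w") as t:
        _add(t, "app/main.py", b"SECRET_ALGO = 42\n")
        _add(t, "app/__pycache__/main.cpython-311.pyc", b"\x00")
        _add(t, "etc/hostname", b"box\n")
    manifest = [{"Config": "config.json", "RepoTags": ["example/app:1.0"],
                 "Layers": ["layer0/layer.tar"]}]
    image = io.BytesIO()
    with tarfile.open(fileobj=image, mode="w") as t:
        _add(t, "manifest.json", json.dumps(manifest).encode())
        _add(t, "layer0/layer.tar", layer.getvalue())
    return image.getvalue()


def shipped_python_sources(image_bytes):
    """Return {path: first line} for every .py file in any layer of the image."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                # Each layer is itself a tar archive of the files it adds.
                layer_file = image.extractfile(layer_name)
                with tarfile.open(fileobj=layer_file, mode="r:*") as layer:
                    for member in layer:
                        if member.isfile() and member.name.endswith(".py"):
                            text = layer.extractfile(member).read().decode("utf-8", "replace")
                            found[member.name] = text.splitlines()[0] if text else ""
    return found
```

Run against the bytes of a real `docker save` archive, the same function shows which source files a customer would receive in readable form.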

Overwriting variables in system libraries (smtplib.py)

So I'm using Flask for a website and I'm using the extension Flask Mail to send emails for me. Unfortunately, my email server doesn't support CRAM_MD5 (for a valid reason) so when smtplib.py (Python system library file) reaches the line that is:
preferred_auths = [AUTH_CRAM_MD5, AUTH_PLAIN, AUTH_LOGIN]
it uses CRAM, and fails because of an authentication error. On my development server, I just edited the file and switched the order of PLAIN and CRAM and faced no problems. My system admin doesn't want to make this change every time he does a server build if he can help it so I was wondering if there was a way I could overwrite that system library variable from my Flask application? My Flask application is a little large so if there is a way to do this, I can post a structure of my application. I mostly want to know if it is possible to overwrite variables in system libraries and if so, the standard procedure for doing so. Thanks!

Remotely accessing sqlite3 in Django using a python script

I have a Django application that runs on apache server and uses Sqlite3 db. I want to access this database remotely using a python script that first ssh to the machine and then access the database.
After a lot of search I understand that we cannot access sqlite db remotely. I don't want to download the db folder using ftp and perform the function, instead I want to access it remotely.
What could be the other possible ways to do this? I don't want to change the database, but am looking for alternate ways to achieve the connection.
Leaving aside the question of whether it is sensible to run a production Django installation against sqlite (it really isn't), you seem to have forgotten that, well, you are actually running Django. That means that Django can be the main interface to your data; and therefore you should write code in Django that enables this.
Luckily, there exists the Django REST Framework that allows you to simply expose your data via HTTP interfaces like GET and POST. That would be a much better solution than accessing it via ssh.
Sqlite needs to access the provided file. So this is more of a filesystem question rather than a python one. You have to find a way for sqlite and python to access the remote directory, be it sftp, sshfs, ftp or whatever. It entirely depends on your remote and local OS. Preferably mount the remote subdirectory on your local filesystem.
You would not need to make a copy of it although if the file is large you might want to consider that option too.

Django without shell access

Is it possible to run django without shell access? My hoster supports the following for 5€/month:
python (I assume via mod_python)
mysql
There is no shell nor cronjob support, which costs additional 10€/month, so I'm trying to avoid it.
I know that Google Apps also work without shell access, but I assume that is possible because of their special configuration.
It's possible but not desirable. Having shell access makes it possible to centralise things properly using symlinks.
Getting a better host would be my first suggestion. WebFaction is the most recommended shared host for using with Django.
If that's out of your price range, there are plenty of hosts that give you a proper system account (vs just a ftp account) and have mod_python or mod_wsgi (preferred now).
Google Apps works without shell because their system looks for a dispatcher script that you have to write to an exact specification.
It is possible.
Usually you will develop your application locally (where shell access is nice to have) and publish your work to your server. All you need for this is FTP access and some way to import a database dump from your development database (often hosters provide an installation of phpMyAdmin for this).
python (I assume via mod_python)
From my experience, you are most certainly wrong with that assumption. Many low-cost providers claim to support python but in fact provide only an outdated version that can be used with CGI scripts. This setup will have a pretty low performance for Django apps.
