I wrote this elsewhere, but this is how Patreon created a problem for themselves.
It's pretty easy to enable debug within Werkzeug but it isn't enabled by default. It's also not by default listening on "0.0.0.0" but rather instead by default "127.0.0.1".
Here's exactly what they did in the code (this is straight from the dump):
web_app.debug = patreon.config.debug
web_app.run('0.0.0.0', port=args.port, use_reloader=False)
Then in the patreon.config.debug string, it had a true statement:Whoever enabled this server wouldn't have fed arguments to enable it as it was hard-coded into the application. All someone had to do was just type "python patreonweb.py" and the server would be ready to go with debug-mode enabled.debug = True
Detectify Labs wrote a blog entry and linked to a previous one of mine. Don't enable debug on Internet-facing servers and if you can help it don't enable it to listen on "0.0.0.0" either.
This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information. Keep it up. Keep blogging. Looking to reading your next post. Quick Locksmith Toronto
ReplyDelete