Right now I am storing the uploaded images in a local path, so I want to create an FTP server where I can store all my images, so that others who are accessing my API can also access the uploaded images.
I am not understanding where to start and how to create an FTP server.
My model:
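    from django.db import models

    class Resized_image(models.Model):
        # Columns that ImageField fills in via width_field/height_field.
        width = models.PositiveIntegerField(null=True, editable=False)
        height = models.PositiveIntegerField(null=True, editable=False)
        image = models.ImageField(
            # Django expands strftime codes at save time; datetime.now() here would be evaluated once, at import.
            upload_to="photos/%Y/%m/%d",
            width_field='width',
            height_field='height',
        )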
Here I am specifying the local path to store uploaded images.
I want to create an FTP server with an uploads/ folder so that whatever images I have uploaded using any server will be stored inside that uploads/ folder on the FTP server.
I think you are confusing the need for storing files with an FTP service.
From what you have mentioned, you have a Django app in which you want to store images.
If you can upgrade/add storage to the server that you are currently using, you do not need an FTP Server.
If you cannot add storage to the server where the FTP Server is running, then consider other network-based storage: cloud, AWS...
If you still cannot find any storage, then reluctantly (and I mean really reluctantly) consider FTP.
Why?
It is a security nightmare.
It will create more problems than it solves.
You should create users and passwords.
People will forget these, and you will spend your life resetting them.
All connections are easy to hack (unencrypted communication channel to pass credentials).
For FTP - on Windows, it is built in to IIS. For Linux, you will need to add an FTP Server.
Related
I have a docker-based Flask app that I have been developing and it's nearing completion. I am currently moving to hosting it on AWS. The app allows users to generate various forms of content (usually image files) that are saved into a UGC folder within the /static folder of the app in my dev environment. This temporary solution worked fine in dev but it isn't going to suffice when ported to live as the static/ugc folder will be destroyed with each image update.
I therefore need an alternative solution and have been investigating EFS. Does anybody have experience with this service? Or in hosting persistent static files outside of a Docker app container in general and could advise?
You should probably look at using the S3 object storage service, via the boto3 Python client.
There's also a Flask extension, Flask-S3, which allows you to host general assets on S3 automatically. You'd probably need to code the logic for user-uploaded content yourself.
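A sketch of the user-upload logic the answer says you would write yourself, as an added example that is not part of the original answer: it stores an uploaded image under a server-generated S3 key instead of the user's filename. The bucket name, function names, size limit and allowed-type table are assumptions; `client` is expected to be a `boto3.client("s3")`, and a constructed stand-in is used so the block runs offline.

```python
import uuid

# Assumption: only these image types are accepted. The type is detected from
# magic bytes, not from the user-supplied filename or Content-Type header.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit


def sniff_image(data):
    """Return (extension, content_type) for accepted image bytes, else None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def store_ugc(client, bucket, user_id, data):
    """Upload image bytes to S3 and return the object key."""
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    kind = sniff_image(data)
    if kind is None:
        raise ValueError("not an accepted image type")
    ext, content_type = kind
    # The key is built server-side; nothing from the client-supplied filename
    # reaches the bucket, so "../" or odd extensions cannot influence it.
    key = f"ugc/{int(user_id)}/{uuid.uuid4().hex}.{ext}"
    client.put_object(Bucket=bucket, Key=key, Body=data, ContentType=content_type)
    return key


class FakeS3:
    """Constructed stand-in for boto3.client("s3") so the example runs offline."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body, ContentType):
        self.objects[(Bucket, Key)] = (Body, ContentType)


if __name__ == "__main__":
    s3 = FakeS3()  # in production: boto3.client("s3")
    print(store_ugc(s3, "example-ugc-bucket", 42, b"\x89PNG\r\n\x1a\n" + b"\0" * 16))
```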
I am just about to go live with a website and am addressing security issues. The site has been public for some time but not linked to the search engines.
I log all incoming requests and today noticed this one:
GET /home/XXXXX/code/repositories/YYYYY-website/templates
where XXXXX is a sudo user on my server and YYYYY is my company name.
This is actually the structure of my Django project code.
My website is coded using Django and runs under Apache2 on Ubuntu.
My question is how can this guy possibly know the underlying code/directory structure on my server, in order to create this request?
Their IP is: 66.249.65.221.
They come up as 100% a hacker on https://ip-46.com
Any contributions welcome.
EDIT1 25/11/2019
With some helpful input from Loïc, I have done some investigation.
The Ubuntu 18.04 server is locked down as far as logging in goes - you can only get in with one of my private keys. The PostgreSQL is locked down - it will only accept connections from one IP where my dev machines reside. RabbitMQ is locked down - it won't accept ANY external incoming connections. The robots.txt allows all crawling but the robots meta restricts access to about 12 pages only.
Somebody who knows Django would know how to form this directory path if they knew the Django project directory, but they also have this relative to root on the server. The only place where this is available is in the Apache2 config file. Obviously Apache needs to know where to pick up the Django web server.
I am 99% sure that this 'hacker' got this via some sort of command to Apache. Everything is redirected to port 443 https. The above GET request doesn't actually do anything because the url doesn't exist.
So, to make the question more refined: how can a hacker pull my Django absolute project path from my Apache2 config file?
There are a lot of different ways to learn about the directory structure of a given server.
The easiest usually being error logs:
If, in your Django settings, DEBUG is set to True, it is very easy for an attacker to get the directory structure of your project.
Then there is LFI, a security issue allowing an attacker to read local files. It's then possible to read some logs, or the Apache configuration, to learn what your project directory is...
The problem could come from another service running on your server as well...
One cannot really give you a complete answer on this topic, as there are a lot of different ways this could happen.
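One way to spot requests like the one in the question, as an added example that is not part of the original thread: the script scans access-log lines for request paths that look like server filesystem paths, and goes slightly beyond the question by also flagging `..` traversal attempts of the kind used to probe for LFI. The log lines are constructed, and the prefix list and function names are assumptions to adapt to your own server layout.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
66.249.65.221 - - [25/Nov/2019:10:12:01 +0000] "GET /home/XXXXX/code/repositories/YYYYY-website/templates HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [25/Nov/2019:10:12:05 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "-"
203.0.113.9 - - [25/Nov/2019:10:13:40 +0000] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 400 300 "-" "-"
198.51.100.4 - - [25/Nov/2019:10:14:02 +0000] "GET /homepage/ HTTP/1.1" 200 2048 "-" "-"
"""

# Assumption: URL prefixes that only make sense as server filesystem paths.
# Drop any prefix that is also a legitimate URL prefix on your site.
FS_PREFIXES = ("/home/", "/etc/", "/var/", "/usr/", "/srv/", "/root/", "/proc/")

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def classify(raw_path):
    """Return 'traversal', 'filesystem-path' or None for a request path."""
    decoded = unquote(raw_path.split("?", 1)[0])  # drop query, undo %2f etc.
    if ".." in decoded.split("/"):
        return "traversal"
    # Collapse "//" and "./"; the trailing "/" keeps "/homepage/" out of "/home/".
    norm = posixpath.normpath("/" + decoded.lstrip("/")) + "/"
    if norm.startswith(FS_PREFIXES):
        return "filesystem-path"
    return None


def scan(log_text):
    """Return (client_ip, reason, status) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, _method, path, status = m.groups()
        reason = classify(path)
        if reason:
            findings.append((ip, reason, int(status)))
    return findings


if __name__ == "__main__":
    for ip, reason, status in scan(SAMPLE_LOG):
        print(f"{ip} {reason} status={status}")
```

A flagged path answered with a 2xx status deserves a closer look than one answered with 404 or 400.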
I am currently developing an application using Django.
What I'm trying to achieve is to have a remote server that will host configuration files. Those files are going to be numerous but quite small.
The configuration of my server is the following: on the address 172.x.x.51 I have my Django app running with uwsgi and on 172.x.x.52 I have my nginx service connected to my uwsgi instance.
What I would like is to host the files on the nginx server.
Inside the application, I will need to access the files and to save them (they are calculated from data from the database, so there's no need for a file upload).
I looked on the documentation and found that I can use a Custom Storage System. The thing is, I don't think that's what I need because I want to store them the way it's done by default. I would just like to define the place where the files should be updated from Django.
Would it be better if I stored them in the media folder on my nginx instance? How would I tell Django to go look on nginx's instance for the files? On the server where nginx is hosted, I already host my static files and it's working.
This isn't a question about Django really. Storage backends are for file uploads, but as you say you're not doing that.
You need some way of allowing your Django instance on *.51 to write to your nginx server on *.52. This might be via SSH/SCP, or by sharing directories over NFS, for example. Then you can simply save the files over that protocol to the relevant place, from where nginx can serve them.
I'm developing a Windows intranet application in C++ which needs to download a settings file from a predefined URL hosted on a webserver on the intranet.
This file would be updated every few weeks and I need to get it only if it has changed.
To avoid unnecessary downloads I wanted to know if there is a standard HTTP method to request only the hash of the file from the webserver, to prevent a full download if the file has not changed.
I'm still in the design phase and the idea would be to use CURL library on the client to download the file and Apache as a webserver, but I'm also open to other solutions.
I need to operate a small web server in my application to play Flash SWF files in my embedded browser. This application will be distributed to local desktop users.
What is the best way to implement it in a desktop application? I mean ports / localhost?
If you simply want to show something in your embedded browser there's no need to set up a local web server, just point it to appropriate local files that will be located in your application's directory (using the file:// protocol).