I would like to know the risks of a python script that is outside of public_html
Question
I would like to know the risks of a python script that is outside of public_html
application/scripts/myscript.py
public_html
This script is called by the PHP application asynchronously. It receives an argument that determines which file folder will be deleted after x minutes, and afterwards it updates the MySQL database.
The folder that contains this script has 700 permissions and the owner is www-data. myscript.py has 700 permissions too.
Can someone execute this script remotely? Or maybe pass some Python instruction? How could I prevent potential risks?
I'm a newbie, and I would like to learn.
Explanation / Answer
Whether they can access it remotely depends on many things, such as your server's configuration details, and any security holes in your CGI scripts. The python script does not create any security risks merely by existing (if a remote user could execute it, they could use the same techniques to execute something like cat /etc/passwd or rm -rf /), but may present risks if a remote user can influence its operation.
You haven't provided enough information to give a definite "yes" or "no" to any of your questions, and for some of them, it requires a detailed analysis of the computer's configuration.
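The answer's point that the risk lies in a remote user influencing the script's operation applies most directly to the folder argument. As an added example (not code from the question or the answer), here is one way to validate that argument before deleting anything; `BASE_DIR`, `resolve_target` and `delete_folder` are hypothetical names, and the layout of one deletable folder per name directly under a single base directory is an assumption.

```python
import shutil
import sys
from pathlib import Path

# Assumption: every deletable folder sits directly under this directory (placeholder path).
BASE_DIR = "/var/www/application/tmp"

def resolve_target(base_dir, folder_arg):
    """Return the directory to delete; raise ValueError if the argument is unsafe."""
    base = Path(base_dir).resolve(strict=True)
    # Accept one plain directory name only: no separators, no "." or "..", no NUL byte.
    if (not folder_arg or "\x00" in folder_arg or folder_arg in (".", "..")
            or Path(folder_arg).name != folder_arg):
        raise ValueError("argument must be a single directory name")
    candidate = base / folder_arg
    # A symlink under the base could point anywhere on disk, so refuse it.
    if candidate.is_symlink() or not candidate.is_dir():
        raise ValueError("not an existing real directory under the base")
    target = candidate.resolve(strict=True)
    if target.parent != base:
        raise ValueError("resolved path leaves the base directory")
    return target

def delete_folder(base_dir, folder_arg):
    """Validate the argument, then delete the folder; returns the deleted path."""
    target = resolve_target(base_dir, folder_arg)
    shutil.rmtree(target)
    return target

if __name__ == "__main__":
    # Called as: myscript.py <folder-name>; anything else exits non-zero.
    if len(sys.argv) != 2:
        sys.exit("usage: myscript.py <folder-name>")
    try:
        print("deleted", delete_folder(BASE_DIR, sys.argv[1]))
    except (ValueError, OSError) as exc:
        sys.exit(f"refused: {exc}")
```

On the PHP side, the folder name should reach the script as its own argument rather than being concatenated into a shell command string, so that the value is never interpreted by a shell.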