3

Let's say I have a domain. Under home directory of the domain I have a text(.txt) file called note.txt. Like below

https://www.example.com/note.txt

When I access the url, browser display text string contained inside the file. But when I run a Flask under that domain instead of a traditional html,css,javascript,php app, server return 404error even though the file exists in fact at the same location. I can see this from the ftp client.

So why does the server returns 404 error when the site hosts a python app instead of the more traditional html,css,javascript,php app?

Mikko Ohtamaa
  • 82,057
  • 50
  • 264
  • 435
Zip
  • 5,372
  • 9
  • 28
  • 39

1 Answers1

4

What you are missing here is that Flask has its own URL routing.

The answer for "why does the server returns 404 error" is that URL routing should be explicit (nothing happens unless you tell it to happen) instead of implicit (everything on the server is exposed by default). Because PHP chose the latter approach, WordPress, Drupal, et. al. traditional PHP sites are getting hacked very easily when they are given to people who don't have the full picture what they are doing. It might be convenient in the beginning, but it is also an open invitation for script kiddies to raid your server.

Community
  • 1
  • 1
Mikko Ohtamaa
  • 82,057
  • 50
  • 264
  • 435
  • So based on what you describe, it should be safe to have a file containing sensitive information like in the aforementioned address(www.example.com/note.txt) if I use framework like ```Flask``` because users cannot access it anyway? – Zip Jul 11 '15 at 13:35
  • Yes. If you want to make it available a file containing sensitive information to users you can implement one of various Flask authentication schemes. – Mikko Ohtamaa Jul 12 '15 at 05:19