-1

Configure Flask dev server to be visible across the network

Meaning it runs on my PC's IP address visible to the entire internet and arbitrary Python code can be run via my Flask app?

davidism
mLstudent33
  • It doesn't run on "the entire internet", it runs on your local network – roganjosh Sep 22 '20 at 06:57
  • That's not to say that it isn't dangerous if that network happens to be a large company with some tech-savvy people who might discover the server, though. For it to be accessible from external sources, you'd have to open up the firewall – roganjosh Sep 22 '20 at 06:59

1 Answer

2

The direct answer is: yes, it is unsafe. But then again, so is driving a car or eating at a new restaurant with bad reviews.

The point is evaluating the risk. Things to consider:

  1. Are you launching this on a home network? In which case, your router almost certainly comes with its own firewall (and I only don't make the assertion because I can't possibly cover every single case). The server will not be accessible outside of the home network. Maybe there's a malicious housemate harbouring resentment and waiting to pounce?
  2. Are you launching on an intranet network? This would be accessible to everyone on the network. The vast majority of people won't be scanning the network for open ports, but you can't rule it out. Low risk, but it could happen that someone finds it.
  3. Are you running this on a server with a dedicated IP (not an internal IP like 10.0.0.x or 192.168.x.x)? Is the particular port you're running on open to the wider internet e.g. no firewall or special rules for that port? In which case, expect to get requests.
  4. Can someone landing on the site actually do something malicious? The whole point of having a web server is for other people to access it. If discovering your app is enough to be a real concern then it's just broken and you should be testing your fears on localhost.
roganjosh
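The checklist in the answer above, turned into a quick check of which addresses a given `--host` value puts the dev server on. This is an added example, not part of the original answer; the function names and the sample interface list are assumptions, and `203.0.113.10` is a documentation-range stand-in for a routable address. It does not check whether a router or firewall blocks the port.

```python
import ipaddress

# Internal ranges (RFC 1918 plus IPv6 unique-local): the "internal IP"
# case from point 3 of the answer.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
ORDER = ["localhost-only", "local-network", "public"]

# Constructed sample: addresses assigned to a hypothetical machine.
INTERFACES = ["127.0.0.1", "192.168.1.23", "203.0.113.10"]


def reach(addr):
    """Classify who can route to a single listening address."""
    if addr.is_loopback:
        return "localhost-only"
    if addr.is_link_local or any(addr in net for net in INTERNAL):
        return "local-network"   # points 1 and 2: home network or intranet
    return "public"              # point 3: reachable unless a firewall blocks it


def exposure(host, interface_ips):
    """Map each address the server would listen on to its reach."""
    bind = ipaddress.ip_address(host)
    if bind.is_unspecified:
        # 0.0.0.0 (or ::) means "every interface", not one address.
        # Simplification: only same-family addresses are considered.
        addrs = [ipaddress.ip_address(a) for a in interface_ips]
        addrs = [a for a in addrs if a.version == bind.version]
    else:
        addrs = [bind]
    return {str(a): reach(a) for a in addrs}


def widest(host, interface_ips):
    """Worst-case reach across all listening addresses."""
    levels = exposure(host, interface_ips).values()
    return max(levels, key=ORDER.index, default="localhost-only")


if __name__ == "__main__":
    for host in ("127.0.0.1", "0.0.0.0"):
        print(host, "->", widest(host, INTERFACES), exposure(host, INTERFACES))
```
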