Why is serving static files insecure


Question

This might be a stupid question and have an obvious answer, but I was testing my 404 and 500 error handlers, meaning that I had to switch debug to False. I went to the Django admin page and noticed that static files are not being served.

I understand that they should be routed through Apache, as serving static files through Django is insecure. However, I don't quite understand why it is a security risk to serve static files through Django directly?

Answer

Here is what the Django 1.8 documentation says on the subject:

--insecure

Use the --insecure option to force serving of static files with the staticfiles app even if the DEBUG setting is False. By using this you acknowledge the fact that it's grossly inefficient and probably insecure. This is only intended for local development, should never be used in production and is only available if the staticfiles app is in your project's INSTALLED_APPS setting.

As you can see, they say "grossly inefficient" and "probably insecure". They didn't say "definitely insecure" or "insecure". I think that what they are hinting at is that they haven't done a thorough security analysis of the staticfiles app and its interactions with the rest of Django.

For me, the "grossly inefficient" part should be sufficient to deter you from serving static content. It is easy to do it better ... starting with the collectstatic command.

Some more searching led me to this Google Groups posting, in response to someone asking about why --insecure is insecure.

From: Malcolm Tredinnick

Nothing can be considered secure unless it is designed and audited for security. We have done neither with the static file server. It may not have existing security holes, but it should not be considered secure because that's not a design goal.

For example, a secure file server would need to check for resource allocation problems so that serving a very large file didn't constitute a denial-of-service attack. That requires a lot of extra code and pipeline management which isn't worth putting into something that's just for development purposes.

... which supports my interpretation.
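The "do it better" route the answer points at, as an added example that is not part of the original question or answer: let Apache serve the files that collectstatic gathers, so Django never handles a static request in production. It assumes the project's settings.py has STATIC_URL = '/static/' and STATIC_ROOT = '/srv/myproject/staticfiles', that django.contrib.staticfiles is in INSTALLED_APPS, and that `python manage.py collectstatic` has already been run; the paths and project name are placeholders.

```apache
# Added example, not from the original post. Placeholder paths:
#   STATIC_ROOT = /srv/myproject/staticfiles  (filled by `manage.py collectstatic`)
#   WSGI entry point = /srv/myproject/myproject/wsgi.py

# Map /static/ URLs straight onto the collected directory. Apache reads the
# files from disk itself and does not hand these requests to Django at all,
# so the staticfiles development view (and --insecure) never comes into play.
Alias /static/ /srv/myproject/staticfiles/

<Directory /srv/myproject/staticfiles>
    # Collected static assets are meant to be public, so allow reads ...
    Require all granted
    # ... but never auto-generate directory listings of the tree.
    Options -Indexes
    # Ignore any .htaccess that might end up among the collected files.
    AllowOverride None
</Directory>

# Every other URL is passed to the Django application through mod_wsgi.
WSGIScriptAlias / /srv/myproject/myproject/wsgi.py
```

With DEBUG = False the admin's CSS and JavaScript then load from /static/ exactly as before, with the web server rather than Django answering each request.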
