Python CGI

[Zphinx677]

Maybe have to ask if host if can run Python code.

I was able to run a hello world program via the cgi bin.  However, I read that running a www.domain.com/app.py style program was very insecure.

[snippsat]

I was able to run a hello world program via the cgi bin.  However, I read that running a http://www.domain.com/app.py style program was very insecure.

If you want to learn web-develoment in Python just drop that or do not think of hosting at all in the beginning.
You start bye using eg Flask/Django which has build in web-server so you can do all learning/work local.

[metulburr]

Maybe have to ask if host if can run Python code.

I was able to run a hello world program via the cgi bin.  However, I read that running a www.domain.com/app.py style program was very insecure.

Your going to find that snippsat and i have different view points on CGI. If he could he would berid the world of CGI forever. I still use them. However if you plan on doing web dev, i would suggest to learn flask. CGI really only works for a single page, much more and its a pain in the ass. Even a single page can grow into a monster.

The main insecurity is the fact of taking input and not sanitizing it. Taking input and not sanitizing it can be like giving anyone in the world a terminal to that computer.

[wavic]

What exactly means 'insecure'? Security could be broken in so many places in so many ways that the web app is the last link in the chain. You have the infrastructure, the access to the servers, the OS, firewalls, the server engine, perhaps I am missing something. Tha app is on top of all of that. It is secure as much as you make it. You want to learn, how to develop web apps? Good! Security is a whole new world. I am not saying that you should not concerned about it.

Write the app/web page then test its security.

I was able to run a hello world program via the cgi bin.  However, I read that running a http://www.domain.com/app.py style program was very insecure.

It's not about what you are using but how. In almost all cases security could be broken because of human mistakes. Or incompetence. From that point, there is no security at all. And this is correct. Any system, network manager, any web developer knows it. All you can do is to reduce the risk of a breakthrough. This means learning, practicing, testing. Logging not to forget.

Because you are asking about CGI security risks, take a look at this: https://www.w3.org/Security/Faq/wwwsf4.html
If you read it carefully you will see that security is not about the what you are using but how. If everything depends on you. But that never happens.