0

I have an iaas server running nginx for a web2py application. The web2py welcome page views without problem, but my test application encounters an internal error. It runs just fine on my laptop on localhost. On the server the ticket link says "unkown" and when clicked the flash says "invalid ticket". Also the error folders in the file system is empty.

As far as I understand this could be due to web2py not having write privileges on the applications folder. Is this the case, and if so, could granting web2py these privileges be a security concern?

User
  • 15
  • 3
  • Wouldn't this security restriction prevent access to the database? If not, I believe you can configure web2py to store tickets in the database. – Scott Hunter Dec 16 '15 at 18:19
  • I'm not sure if this is the cause of the problem or how I would go about to find out. Maybe I should change the wording of the question. – User Dec 16 '15 at 20:58
  • Are you able to access the admin app? If you can, you can use it to access the database. – Scott Hunter Dec 17 '15 at 02:31
  • I can access the admin app, but when trying to access the app database administration the same Internal Error page appears with the unknown ticket link. So it seems I dont really have access to the database. Edit: The problem was solved by making web2py the owner of the directory holding the app files. Is this the preferred solution? I cant find much information about the topic and is not very knowledgeable about web security. – User Dec 17 '15 at 09:24

1 Answers1

0

web2py needs to be able write to the errors, databases, and uploads directories (if you, respectively, have any errors, update the database, or upload any files to the default location), and would thus need write privileges on those directories. Whether or not it is a security concern, if you want to do those things, the cited privileges are needed. You could reduce those concerns by only allowing web2py such access.

Scott Hunter
  • 48,888
  • 12
  • 60
  • 101