Is the default django development server secure or can others access it?












1















I'm new to django/python and want to make sure that if I'm learning django on my own from my work machine, it won't be some kind of security breech when django sets up its automatic development server. I'm using this tutorial: https://docs.djangoproject.com/en/2.1/intro/tutorial01/



And they have you set up the dev server as:



$ python manage.py runserver


which outputs:



Performing system checks...



System check identified no issues (0 silenced).



You have unapplied migrations; your app may not work properly until they are applied.

Run 'python manage.py migrate' to apply them.



November 17, 2018 - 15:50:53

Django version 2.1, using settings 'mysite.settings'

Starting development server at http://127.0.0.1:8000/

Quit the server with CONTROL-C.


Can others access this server, either from within the network or just through the internet? How would one go about checking that?






python django security server







share|improve this question



























    1















    I'm new to django/python and want to make sure that if I'm learning django on my own from my work machine, it won't be some kind of security breech when django sets up its automatic development server. I'm using this tutorial: https://docs.djangoproject.com/en/2.1/intro/tutorial01/



    And they have you set up the dev server as:



    $ python manage.py runserver


    which outputs:



    Performing system checks...
    

    
System check identified no issues (0 silenced).
    

    
You have unapplied migrations; your app may not work properly until they are applied.
    
Run 'python manage.py migrate' to apply them.
    

    
November 17, 2018 - 15:50:53
    
Django version 2.1, using settings 'mysite.settings'
    
Starting development server at http://127.0.0.1:8000/
    
Quit the server with CONTROL-C.


    Can others access this server, either from within the network or just through the internet? How would one go about checking that?






    python django security server







    share|improve this question

























      1












      1








      1








      I'm new to django/python and want to make sure that if I'm learning django on my own from my work machine, it won't be some kind of security breech when django sets up its automatic development server. I'm using this tutorial: https://docs.djangoproject.com/en/2.1/intro/tutorial01/



      And they have you set up the dev server as:



      $ python manage.py runserver


      which outputs:



      Performing system checks...
      

      
System check identified no issues (0 silenced).
      

      
You have unapplied migrations; your app may not work properly until they are applied.
      
Run 'python manage.py migrate' to apply them.
      

      
November 17, 2018 - 15:50:53
      
Django version 2.1, using settings 'mysite.settings'
      
Starting development server at http://127.0.0.1:8000/
      
Quit the server with CONTROL-C.


      Can others access this server, either from within the network or just through the internet? How would one go about checking that?






      python django security server







      share|improve this question














      I'm new to django/python and want to make sure that if I'm learning django on my own from my work machine, it won't be some kind of security breech when django sets up its automatic development server. I'm using this tutorial: https://docs.djangoproject.com/en/2.1/intro/tutorial01/



      And they have you set up the dev server as:



      $ python manage.py runserver


      which outputs:



      Performing system checks...
      

      
System check identified no issues (0 silenced).
      

      
You have unapplied migrations; your app may not work properly until they are applied.
      
Run 'python manage.py migrate' to apply them.
      

      
November 17, 2018 - 15:50:53
      
Django version 2.1, using settings 'mysite.settings'
      
Starting development server at http://127.0.0.1:8000/
      
Quit the server with CONTROL-C.


      Can others access this server, either from within the network or just through the internet? How would one go about checking that?






      python django security server




      python django security server






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 20 '18 at 21:28









      Jaysin WorrelJaysin Worrel

      82




      82
























          1 Answer
          1






          active

          oldest

          votes


















          1














          Hosting the development server on localhost (which is equivalent to 127.0.0.1) does not expose you to any risks than might already exist in your system. You would have to make a very deliberate effort to make this accessible to external connections.



          If you wish to make the site accessible on a local network, you can host on 0.0.0.0. The bottom line is that you'd have to be either compromised already somehow, or have made a deliberate effort, to be any more exposed by running the development server. Just don't use it when moving to production.






          share|improve this answer



















          • 1





            Thank you very much, good to know.

            – Jaysin Worrel
            Nov 20 '18 at 22:04











          • @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

            – roganjosh
            Nov 20 '18 at 22:05






          • 1





            Nope just messed up.

            – Jaysin Worrel
            Nov 21 '18 at 22:56











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53401828%2fis-the-default-django-development-server-secure-or-can-others-access-it%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          Hosting the development server on localhost (which is equivalent to 127.0.0.1) does not expose you to any risks than might already exist in your system. You would have to make a very deliberate effort to make this accessible to external connections.



          If you wish to make the site accessible on a local network, you can host on 0.0.0.0. The bottom line is that you'd have to be either compromised already somehow, or have made a deliberate effort, to be any more exposed by running the development server. Just don't use it when moving to production.






          share|improve this answer



















          • 1





            Thank you very much, good to know.

            – Jaysin Worrel
            Nov 20 '18 at 22:04











          • @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

            – roganjosh
            Nov 20 '18 at 22:05






          • 1





            Nope just messed up.

            – Jaysin Worrel
            Nov 21 '18 at 22:56
















          1














          Hosting the development server on localhost (which is equivalent to 127.0.0.1) does not expose you to any risks than might already exist in your system. You would have to make a very deliberate effort to make this accessible to external connections.



          If you wish to make the site accessible on a local network, you can host on 0.0.0.0. The bottom line is that you'd have to be either compromised already somehow, or have made a deliberate effort, to be any more exposed by running the development server. Just don't use it when moving to production.






          share|improve this answer



















          • 1





            Thank you very much, good to know.

            – Jaysin Worrel
            Nov 20 '18 at 22:04











          • @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

            – roganjosh
            Nov 20 '18 at 22:05






          • 1





            Nope just messed up.

            – Jaysin Worrel
            Nov 21 '18 at 22:56














          1












          1








          1







          Hosting the development server on localhost (which is equivalent to 127.0.0.1) does not expose you to any risks than might already exist in your system. You would have to make a very deliberate effort to make this accessible to external connections.



          If you wish to make the site accessible on a local network, you can host on 0.0.0.0. The bottom line is that you'd have to be either compromised already somehow, or have made a deliberate effort, to be any more exposed by running the development server. Just don't use it when moving to production.






          share|improve this answer













          Hosting the development server on localhost (which is equivalent to 127.0.0.1) does not expose you to any risks than might already exist in your system. You would have to make a very deliberate effort to make this accessible to external connections.



          If you wish to make the site accessible on a local network, you can host on 0.0.0.0. The bottom line is that you'd have to be either compromised already somehow, or have made a deliberate effort, to be any more exposed by running the development server. Just don't use it when moving to production.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 20 '18 at 21:42









          roganjoshroganjosh

          6,48031328




          6,48031328








          • 1





            Thank you very much, good to know.

            – Jaysin Worrel
            Nov 20 '18 at 22:04











          • @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

            – roganjosh
            Nov 20 '18 at 22:05






          • 1





            Nope just messed up.

            – Jaysin Worrel
            Nov 21 '18 at 22:56














          • 1





            Thank you very much, good to know.

            – Jaysin Worrel
            Nov 20 '18 at 22:04











          • @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

            – roganjosh
            Nov 20 '18 at 22:05






          • 1





            Nope just messed up.

            – Jaysin Worrel
            Nov 21 '18 at 22:56








          1




          1





          Thank you very much, good to know.

          – Jaysin Worrel
          Nov 20 '18 at 22:04





          Thank you very much, good to know.

          – Jaysin Worrel
          Nov 20 '18 at 22:04













          @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

          – roganjosh
          Nov 20 '18 at 22:05





          @JaysinWorrel you're welcome. You did initially accept my answer and then retracted; is there something more I need to clarify?

          – roganjosh
          Nov 20 '18 at 22:05




          1




          1





          Nope just messed up.

          – Jaysin Worrel
          Nov 21 '18 at 22:56





          Nope just messed up.

          – Jaysin Worrel
          Nov 21 '18 at 22:56


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53401828%2fis-the-default-django-development-server-secure-or-can-others-access-it%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          MongoDB - Not Authorized To Execute Command

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
          Read more

          How to fix TextFormField cause rebuild widget in Flutter

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
          Read more

          Npm cannot find a required file even through it is in the searched directory

          Image
          up vote 0 down vote favorite I got that error: users-Air:pdfuploader user$ npm run start client@0.1.0 start /Users/user/Documents/pdfuploader react-scripts start Could not find a required file. Name: index.html Searched in: /Users/user/Documents/pdfuploader/public npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! client@0.1.0 start: `react-scripts start` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the client@0.1.0 start script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above. npm ERR! A complete log of this run can be found in: npm ERR! /Users/user/.npm/_logs/2018-11-19T10_19_14_555Z-debug.log users-Air:pdfuploader user$ And the file is in /Users/user/Documents/pdfuploader/public as you can see in my github repository: https://github.c...
          Read more