Proper permission code for database file and database directory - mysql

So I created a login python app, app will add data to database file while user sign-up, and app will extract data from database while user login, on production server.
specifically, I want website users to
not able to see the database file and its directory
not able to download the database file if it can find the url.
able to add/extract content to/from it through web app (written in python flask)
Thus, what permission code (such as 755,660) should I give to the database file and the directory where the database file is located?

In my case, I found 755 is very useful, or 766, if it's a php/asp file which is responsive.

Related

hosting a local dynamic wordpress website

i am having a problem of exporting my local "wordpress" website and it's giving my an xml file but with all in one wp migration it's giving me a "WPRESS" file. i can't pay for the business subscription just to install a few plugins that'll make my website live because it's expensive. is there a way to convert these files to dynamic files and host it?
First you need ZIP all wordpress files and also export your SQL file. Then upload that zip file to your Hosting C-panel and extract it also import SQL file to your server and copy that server name and password and pest it into your config file.
for detailed instruction you can follow below blog
https://www.wpbeginner.com/wp-tutorials/how-to-move-wordpress-from-local-server-to-live-site/

Using dbms_scheduler.create_credential on a exedata

I want to setup a file_watcher for file created in a location in the OS. We are currently using Jobs that access the files through utl_file.fopen to access the files using a directory entry.
I ask my DBA to setup a credential so I can establish the file watch using dbsm_scheduler. He told me that because we are using a exadata appliance for our database we could not create the credential. I dont get it! If we are accessing the file through a directory why is a issue access through a credential?
Any Ideas?

how to synch up Django application database to local directory on my pc

My Django Application is running on "http://culhapartners.pythonanywhere.com/Front/Front_End"
Actually all this data for the website is in Django database on this online server.
My problem is "I want to run this website even if there is not internet connectivity"
how to move all database data to local pc directory?
Any suggestion as a starting point
Thank you
Regards
Noman
You can create a data dump with the dumpdata management command, then transfer this file to your local computer. Then you can load this data with the appropriately named loaddata command.
Or, if its a lightweight website and you are using sqlite, you can just copy the database file to your local machine.

Where should I save the Amazon Manifest json file on an app hosted at PythonAnywhere?

I am trying to have my app on Amazon appstore.
In order to do this Amazon needs to park a small json file (web-app-manifest.json).
If I upload it to the the root of my web site (as suggested), Amazon bot says it cannot access file. Amazon support mention I should save it to /var/www/static but either I don't know how to get there or I don't have access to this part of the server.
Any ideas ?
You can get to /var/www/static in the File browser. Just click on the '/' in the path at the top of the page and then follow the links.
You can also just copy things there from a Bash console.
You may need to create the static folder in /var/www if it's not there already.
Ok...After some clarifications from PythonAnywhere and Amazon support, this what worked for me:
Assume:
The name of website is XYZ.
One accesses the web site at: https://XYZ.pythonanywhere.com/XYZ/default/index
Amazon json file is parked at https://XYZ.pythonanywhere.com/web-app-manifest.json
Which on the file system at PythonAnywhere translates to:
/var/www/static/web-app-manifest.json
Amazon support asked me to add to this json file the following snippet:
"launch_path":"XYZ/default/index",
Now Amazon bot can access the manifest file and authenticate my relationship with it for the Amazon appstore.

How to restrict user access the file on the HTTP Server?

I'm writing a web application that allow user upload their files on the app. The file will be uploaded on the HTTP Server, after the user click the "upload" button. The user can receive the file by getting the file from the path.... ...for example: http://www.demo.com/user/abc/download/the_file.jpg
but I found that all the people can access this file using the path. How can I do, or is there a better way to manage the file that only registered user or the file owner can download the file?
Serving a file directly within a script is not an option because of performance issues and it's not really possible to serve BIG files because of memory limits.
The best option is to use the Apache module mod_xsendfile. The idea is to redirect all requests to a
PHP/Perl/Python script which will just set a HTTP header saying "Hey Apache, serve this file instead" and mod_xsendfile will take care of it.
And the client will never be able to download the file without this authentication.
If using something like apache httpd, you can use .htaccess files and have directories that are provisioned to users or groups if you want the user to continue accessing files at a path on the filesystem.
If you lock down the directory and have a script to manage file delivery, you can check permissions in the script and give the user the file requested or a 403.
I tend to use the script approach as it gives me more control over how the permissions are managed and more complex access scenarios.