0

I'm pretty new to server-side stuff. The difficult situation is that we want to allow an application installed on the server to run python on the server, but the application server installation guide said that "running EXE files creates a vulnerability that can be exploited by attackers,", so I'm wondering how risky that is and is there a way for us to reduce the risks?

I'm currently not very sure if the server is a shared server or a VPS. I guess it's probably shared.

Thank you very much! And I'm looking forward to hearing from you!

Penny
  • 111
  • 1
  • contact support application provider and inform the issue , may be they have security patches for those issues – Aravinda Oct 10 '17 at 08:58
  • Thanks Aravinda, I'll ask their support at the same time! Thank you! – Penny Oct 10 '17 at 09:51
  • 1
    The risk is not letting installed application run, the risk is letting a user run anything he want on the server. As some server can be deployed as a terminal server. – yagmoth555 Oct 10 '17 at 10:33
  • Hi, @yagmoth555 thank you for the feedback! I think for this application, we indeed need to specify a user to impersonate the custom program. If the risk is mainly from the user, what if we use the virtual service account, would it greatly reduce the risk though? – Penny Oct 10 '17 at 10:55

0 Answers0