[New-bugs-announce] [issue34576] SimpleHTTPServer: warn users on security
STINNER Victor
report at bugs.python.org
Tue Sep 4 05:39:03 EDT 2018
New submission from STINNER Victor <vstinner at redhat.com>:
Larry Hastings proposed on the PSRT mailing list to add the following note of the SimpleHTTPServer documentation:
Note: SimpleHTTPServer is, as its name implies, a simple HTTP
server. We provide it as a sample implementation of the Python HTTP
server API. However, SimpleHTTPServer is neither secure nor
high-performance, and as such you should not use SimpleHTTPServer in
security-sensitive or performance-sensitive applications.
For example, if you create a symbolic link outside the directory served by SimpleHTTPServer, SimpleHTTPServer follows symbolic links.
----------
components: Library (Lib)
messages: 324577
nosy: vstinner
priority: normal
severity: normal
status: open
title: SimpleHTTPServer: warn users on security
type: security
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34576>
_______________________________________
More information about the New-bugs-announce
mailing list