[issue672656] securing pydoc server

Senthil Kumaran report at bugs.python.org
Wed Aug 18 21:37:00 CEST 2010


Senthil Kumaran <orsenthil at gmail.com> added the comment:

As the pydoc server "advertises" that it is running from localhost in both CLI and GUI, it is best to bind the socket to 'localhost' instead of '' (which would bind it to all the interfaces).

So, a simple fix for this issue, which will remove the security concern:
             host = 'localhost'
-            self.address = ('', port)
+            self.address = (host, port)
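
Review bot: the hard-coded host = 'localhost' is a name rather than an address, so the interface the socket ends up on depends on how the machine resolves localhost; the numeric loopback address 127.0.0.1 would make the bind independent of the resolver. A short comment beside self.address = (host, port) saying why '' is avoided would help keep a later change from reverting it, and a test asserting that the bound address is loopback would cover the "unit test needed" stage.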

If it is to be run from a user-defined interface with a new --host <interface> option, then it can be dealt with as a new feature request.

This issue can be considered fixed with commits r84173 and r84174.

----------
nosy: +orsenthil
resolution:  -> fixed
stage: unit test needed -> committed/rejected
status: open -> closed

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue672656>
_______________________________________
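
An added example, not part of the original comment or of pydoc's code: it shows what the OS actually binds for '' versus 'localhost' and turns that into a check that a "local" server is loopback-only. The function names are hypothetical, and it assumes an IPv4 socket and that localhost resolves on the machine.

```python
import ipaddress
import socket


def bound_ip(host):
    """Bind a throwaway IPv4 TCP socket to (host, 0) and return the IP the OS reports."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))          # port 0: let the OS pick any free port
        return s.getsockname()[0]


def bind_scope(host):
    """Classify a bind host as 'all-interfaces', 'loopback' or 'single-interface'."""
    ip = ipaddress.ip_address(bound_ip(host))
    if ip.is_unspecified:          # 0.0.0.0: reachable through every interface
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8: reachable only from this machine
        return "loopback"
    return "single-interface"


def check_local_only(host):
    """Regression-style check: raise if a 'local' server would be reachable remotely."""
    scope = bind_scope(host)
    if scope != "loopback":
        raise ValueError(f"bind host {host!r} has scope {scope}, expected loopback")
    return True


if __name__ == "__main__":
    # '' is the value the old code passed; 'localhost' is the value after the fix.
    for host in ("", "localhost"):
        print(f"{host!r:12} -> {bound_ip(host):10} ({bind_scope(host)})")
```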

