CGIHTTPServer security Breach

Andy Worms andy at post.tau.ac.il
Tue Jul 22 19:43:06 CEST 2003


I'm using CGIHTTPServer to try some scripts, apparently as a first step of 
building a real server. The CGIHTTPServer source code has a comment that warns 
of potential security problems:

SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
-- it may execute arbitrary Python code or external programs.

Does someone know how can an outsider execute arbitrary python code or 
external problems? Are there simple ways to correct the code?

-----------------------------
Andy Worms

-----------------------------





More information about the Python-list mailing list