Securing PyDoc and CGIHTTPserver

Peter Hansen peter at engcorp.com
Tue Jul 15 15:03:41 CEST 2003


Jon Schull wrote:
> 
> Peter Hansen <peter at engcorp.com> wrote in message news:<3F13034D.19A4C65 at engcorp.com>...
> >
> > If this is merely a "local webserver interface", then it should bind
> > to localhost only.
> 
> Well, maybe this is how the question should be phrased.  How best to
> securely and reliably "bind to localhost only" (spoof-proofly, etc.)?

Localhost means "localhost" as defined in your /etc/hosts or equivalent
file under Windows, or the address 127.0.0.1.  Basically, don't do a bind
to '' which binds to all interfaces, but 'localhost' or '127.0.0.1' and
you won't get external interfaces involved.

-Peter




More information about the Python-list mailing list