Securing PyDoc and CGIHTTPserver
Shane Hathaway
shane at zope.com
Thu Jul 10 11:36:33 EDT 2003
Jon Schull wrote:
> The port number used by pydoc is currently set by the user at the
> command line. Many people probably use the example given in the
> python module documentation : "python -p 1234" However, if the port
> were chosen at random and printed out, then only pydoc and the user
> would know how to access the pydoc server.
What about binding only to the local (loopback) interface? That way,
the system won't even listen for external connections. It's like a
built-in firewall.
The change is a one-liner. The DocServer computes the hostname for the
loopback interface but then binds to all interfaces. So change this line:
self.address = ('', port)
to:
self.address = (host, port)
Shane
More information about the Python-list
mailing list