Securing PyDoc and CGIHTTPserver

Shane Hathaway shane at zope.com
Thu Jul 10 11:36:33 EDT 2003


Jon Schull wrote:
> The port number used by pydoc is currently set by the user at the
> command line.  Many people probably use the example given in the
> python module documentation: "python -p 1234".  However, if the port
> were chosen at random and printed out, then only pydoc and the user
> would know how to access the pydoc server.

What about binding only to the local (loopback) interface?  That way, 
the system won't even listen for external connections.  It's like a 
built-in firewall.

The change is a one-liner.  The DocServer computes the hostname for the 
loopback interface but then binds to all interfaces.  So change this line:

   self.address = ('', port)

to:

   self.address = (host, port)

Shane
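
The difference between the two bind addresses discussed in this message can be checked on the listening socket itself. The following is an added example, not code from the original post or from pydoc: the handler `Hello` and the helpers `make_server`, `exposure` and `fetch_once` are hypothetical names, and port 0 is used so the OS picks a free port.

```python
import http.client
import ipaddress
import socketserver
import threading
from http.server import BaseHTTPRequestHandler


class Hello(BaseHTTPRequestHandler):
    """Constructed stand-in for a documentation handler."""

    def do_GET(self):
        body = b"docs\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def make_server(host, port=0):
    """Bind a TCP server on (host, port); port 0 means an OS-chosen port."""
    return socketserver.TCPServer((host, port), Hello)


def exposure(server):
    """Classify the address the listening socket is actually bound to."""
    addr = ipaddress.ip_address(server.socket.getsockname()[0])
    if addr.is_loopback:
        return "loopback-only"      # e.g. ('127.0.0.1', port)
    if addr.is_unspecified:
        return "all-interfaces"     # ('', port) becomes 0.0.0.0
    return "single-interface"


def fetch_once(server):
    """Serve exactly one request in a thread and fetch it over loopback."""
    port = server.socket.getsockname()[1]
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/")
    data = conn.getresponse().read()
    conn.close()
    worker.join()
    return data
```

A server built with `make_server('')` reports "all-interfaces", while `make_server('127.0.0.1')` reports "loopback-only" and still answers local requests.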





