SimpleHTTPServer and CgiHTTPServer in practice

Chris Warrick kwpolska at
Sat Mar 18 04:35:40 EDT 2017

On 17 March 2017 at 01:28, Paul Rubin < at nospam.invalid> wrote:
> Lutz Horn <lutz.horn at> writes:
>> We don't know *why* those people told you not to use these modules. We
>> also don't know your use case. So it is very hard to advise you.
> The use case is to have a very easily set up way to serve basic pages
> and files, without a lot of configuration files and other
> infrastructure.  The main reason not to use it would be security holes
> if there are some.  I haven't examined the code carefully but didn't see
> obvious issues at a quick glance.  I frankly worry more about large C
> programs than Python programs.
> --

Security isn’t the main problem. SimpleHTTPServer is fine for small,
local, one-off servers. However, for anything large, there are two
problems: (a) its ephemeral nature, and (b) slow performance (no
caching). nginx (or apache if you must) takes only a few minutes to
set up, and does not have those problems.

CgiHTTPServer? It’s 2017 and CGI should be long dead. CGI means firing
up a Python/Perl/$cgi_language interpreter on every single HTTP
request, already a waste of time. And then, CGI scripts take input via
random environment variables (not very dependable) and output to
stdout, which is a completely broken architecture. Give up and run a
real web framework (Django) using uWSGI and nginx.

Chris Warrick <>
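
Added example, not part of the original post: a sketch of the CGI exchange the message describes, in which the server maps the request onto environment variables, spawns a fresh interpreter for that one request, and parses the script's stdout. The script text, the helper names `build_cgi_env` and `run_cgi`, and the sample request are constructed for illustration; the variable names follow RFC 3875.

```python
import os
import subprocess
import sys
import time

# Constructed CGI script (not from the post): reads the request from
# environment variables, writes headers, a blank line, then the body to stdout.
CGI_SCRIPT = r'''
import os
from urllib.parse import parse_qs
name = parse_qs(os.environ.get("QUERY_STRING", "")).get("name", ["?"])[0]
agent = os.environ.get("HTTP_USER_AGENT", "")
print("Content-Type: text/plain")
print()
print("hello %s via %s (%s)" % (name, os.environ["REQUEST_METHOD"], agent))
'''


def build_cgi_env(method, query, headers):
    """Map a request onto CGI meta-variables (RFC 3875 naming)."""
    env = dict(os.environ)  # inherit the parent environment so the child can start
    env.update({
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": method,
        "QUERY_STRING": query,
    })
    # Each client-supplied header becomes HTTP_<NAME>: untrusted input to validate.
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def run_cgi(method, query, headers):
    """Handle one request the CGI way: spawn an interpreter, parse its stdout."""
    proc = subprocess.run(
        [sys.executable, "-c", CGI_SCRIPT],
        env=build_cgi_env(method, query, headers),
        capture_output=True, text=True, check=True,
    )
    head, _, body = proc.stdout.partition("\n\n")
    parsed = dict(line.split(": ", 1) for line in head.splitlines())
    return parsed, body.strip()


if __name__ == "__main__":
    start = time.perf_counter()
    for _ in range(5):
        print(run_cgi("GET", "name=list", {"User-Agent": "demo/1.0"}))
    print("avg seconds per request:", (time.perf_counter() - start) / 5)
```

Run directly, it prints the parsed response for five requests and the average time each one spent on interpreter start-up plus the script itself.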
