SimpleHTTPServer and CgiHTTPServer in practice
kwpolska at gmail.com
Sat Mar 18 04:35:40 EDT 2017
On 17 March 2017 at 01:28, Paul Rubin <no.email at nospam.invalid> wrote:
> Lutz Horn <lutz.horn at posteo.de> writes:
>> We don't know *why* those people told you not to use these modules. We
>> also don't know your use case. So it is very hard to advise you.
> The use case is to have a very easily set up way to serve basic pages
> and files, without a lot of configuration files and other
> infrastructure. The main reason not to use it would be security holes
> if there are some. I haven't examined the code carefully but didn't see
> obvious issues at a quick glanace. I frankly worry more about large C
> programs than Python programs.
Security isn’t the main problem. SimpleHTTPServer is fine for small,
local, one-off servers. However, for anything large, there are two
problems: (a) its ephemeral nature, and (b) slow performance (no
caching). nginx (or apache if you must) takes only a few minutes to
set up, and does not have those problems.
CgiHTTPServer? It’s 2017 and CGI should be long dead. CGI means firing
up a Python/Perl/$cgi_language interpreter on every single HTTP
request, already a waste of time. And then, CGI scripts take input via
random environment variables (not very dependable) and output to
stdout, which is a completely broken architecture. Give up and run a
real web framework (Django) using uWSGI and nginx.
Chris Warrick <https://chriswarrick.com/>
More information about the Python-list