[Web-SIG] WSGI in standard library
Chris McDonough
chrism at plope.com
Sun Feb 12 17:20:53 CET 2006
On Feb 12, 2006, at 6:39 AM, Alan Kennedy wrote:
> So, I still think that only basic servers educational/playpen servers
> should go in the standard library, with an indication that the user
> should pick an openly server from outside the distro if they
> require to do serious server work.
I agree 100%.
>
> Maybe if there were no "production-ready" servers in the standard
> library, there would be no need for a "Python Security Response Team".
As an example, it's currently possible to perform denial of service
on any framework/server that uses the cgi.FieldStorage module. See
http://sourceforge.net/tracker/?func=detail&aid=1112549&group_id=5470&atid=105470 .
That module probably doesn't belong in the stdlib in the first
place, but it's in there, and now things depend on it.
In the meantime, this patch *really* should have been applied by now
but hasn't been. If anyone has checkin access, or can help me poke
the appropriate person, it would help... this was reported to the SRT
at the time.
- C