CGIHTTPServer security Breach
Andy Worms
andy at post.tau.ac.il
Tue Jul 22 13:43:06 EDT 2003
I'm using CGIHTTPServer to try some scripts, apparently as a first step of
building a real server. The CGIHTTPServer source code has a comment that warns
of potential security problems:
SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
-- it may execute arbitrary Python code or external programs.
Does someone know how can an outsider execute arbitrary python code or
external problems? Are there simple ways to correct the code?
-----------------------------
Andy Worms
-----------------------------
More information about the Python-list
mailing list