Securing PyDoc and CGIHTTPserver
Peter Hansen
peter at engcorp.com
Tue Jul 15 09:03:41 EDT 2003
Jon Schull wrote:
>
> Peter Hansen <peter at engcorp.com> wrote in message news:<3F13034D.19A4C65 at engcorp.com>...
> >
> > If this is merely a "local webserver interface", then it should bind
> > to localhost only.
>
> Well, maybe this is how the question should be phrased. How best to
> securely and reliably "bind to localhost only" (spoof-proofly, etc.)?
Localhost means "localhost" as defined in your /etc/hosts or equivalent
file under Windows, or the address 127.0.0.1. Basically, don't do a bind
to '' which binds to all interfaces, but 'localhost' or '127.0.0.1' and
you won't get external interfaces involved.
-Peter
More information about the Python-list
mailing list