[New-bugs-announce] [issue36873] http.server: Document explicitly that symbolic links are followed
STINNER Victor
report at bugs.python.org
Thu May 9 23:41:31 EDT 2019
New submission from STINNER Victor <vstinner at redhat.com>:
http.server documentation starts with a red warning:
"Warning: http.server is not recommended for production. It only implements basic security checks."
https://docs.python.org/dev/library/http.server.html
It would help to be even more explicit on what it means. For example, document that symbolic links are followed and SimpleHTTPRequestHandler directory can be "escaped" following symbolic links.
----------
assignee: docs at python
components: Documentation
messages: 342054
nosy: docs at python, vstinner
priority: normal
severity: normal
status: open
title: http.server: Document explicitly that symbolic links are followed
type: security
versions: Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36873>
_______________________________________
More information about the New-bugs-announce
mailing list