[issue26005] Denial of Service in SimpleHTTPServer and BaseHTTPServer
Senthil Kumaran
report at bugs.python.org
Tue Jan 5 00:30:14 EST 2016
Senthil Kumaran added the comment:
SimpleHTTPServer is never meant to be used in production.
I was of the understanding that we already inform users about it in the documentation, but I do not find any such note. Only in wsgiref's simple_server.py example, we state that in the module header
https://hg.python.org/cpython/file/tip/Lib/wsgiref/simple_server.py#l1
For SimpleHTTPServer, we could add a similar warning in docs.
"SimpleHTTPServer is meant for demo purposes and does not implement the stringent security checks needed of real HTTP server. We do not recommend using this module directly in production."
If an alternate wording is desired, please suggest in that in comments.
----------
nosy: +orsenthil
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26005>
_______________________________________
More information about the Python-bugs-list
mailing list