[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security
Felipe Rodrigues
report at bugs.python.org
Thu Sep 27 08:04:32 EDT 2018
Felipe Rodrigues <felipe at felipevr.com> added the comment:
Well, even if we do fix some security issues in SimpleHTTPServer, it doesn't change the fact that it shouldn't really be used for sensitive applications. I like how Django docs handles a similar issue regarding their development server (https://docs.djangoproject.com/en/2.1/ref/django-admin/#runserver)
> DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay. We’re in the business of making Web frameworks, not Web servers, so improving this server to be able to handle a production environment is outside the scope of Django.)
I think that the same philosophy applies to SimpleHTTPServer. If the warning should be add to the docs, I'll be glad to issue an PR fixing it!
----------
nosy: +fbidu
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34576>
_______________________________________
More information about the Python-bugs-list
mailing list