New submission from STINNER Victor <vstin...@redhat.com>:
Larry Hastings proposed on the PSRT mailing list to add the following note of the SimpleHTTPServer documentation: Note: SimpleHTTPServer is, as its name implies, a simple HTTP server. We provide it as a sample implementation of the Python HTTP server API. However, SimpleHTTPServer is neither secure nor high-performance, and as such you should not use SimpleHTTPServer in security-sensitive or performance-sensitive applications. For example, if you create a symbolic link outside the directory served by SimpleHTTPServer, SimpleHTTPServer follows symbolic links. ---------- components: Library (Lib) messages: 324577 nosy: vstinner priority: normal severity: normal status: open title: SimpleHTTPServer: warn users on security type: security versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34576> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com