New submission from STINNER Victor <[email protected]>:
Larry Hastings proposed on the PSRT mailing list to add the following note of
the SimpleHTTPServer documentation:
Note: SimpleHTTPServer is, as its name implies, a simple HTTP
server. We provide it as a sample implementation of the Python HTTP
server API. However, SimpleHTTPServer is neither secure nor
high-performance, and as such you should not use SimpleHTTPServer in
security-sensitive or performance-sensitive applications.
For example, if you create a symbolic link outside the directory served by
SimpleHTTPServer, SimpleHTTPServer follows symbolic links.
----------
components: Library (Lib)
messages: 324577
nosy: vstinner
priority: normal
severity: normal
status: open
title: SimpleHTTPServer: warn users on security
type: security
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue34576>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
