Steven D'Aprano <st...@pearwood.info>: > "Even an unauthenticated service listening on localhost is risky these > days." > > but fall short of *explicitly* recommending that they should be > authenticated. Although they do *implicitly* do so, by saying that "it > wouldn't be hard" for such services to include a password.
In the local case, one should consider using local domain sockets (AF_LOCAL), which can reliably identify the peer's credentials (SO_PASSCRED, SO_PEERCRED). Marko -- https://mail.python.org/mailman/listinfo/python-list
