[Python-checkins] bpo-34576 warn users on security for http.server (GH-9720)
Miss Islington (bot)
webhook-mailer at python.org
Wed Oct 10 23:55:37 EDT 2018
https://github.com/python/cpython/commit/57038bcb24407abbbb46e6d278d0ab4b6ad25bbf
commit: 57038bcb24407abbbb46e6d278d0ab4b6ad25bbf
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018年10月10日T20:55:34-07:00
summary:
bpo-34576 warn users on security for http.server (GH-9720)
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72e6a9c5b28b27c158f2f196217707dbb0f)
Co-authored-by: Felipe Rodrigues <felipe at felipevr.com>
files:
M Doc/library/http.server.rst
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index 0bd7f778cec0..0b93c62288b1 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -16,6 +16,14 @@
This module defines classes for implementing HTTP servers (Web servers).
+Security Considerations
+-----------------------
+
+http.server is meant for demo purposes and does not implement the stringent
+security checks needed of real HTTP server. We do not recommend
+using this module directly in production.
+
+
One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
It creates and listens at the HTTP socket, dispatching the requests to a
handler. Code to create and run the server looks like this::
More information about the Python-checkins
mailing list