diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-10-11 03:31:27 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-11 03:31:27 (GMT) |
| commit | 3baee3b39765f5e8ec616b2b71b731b140486394 (patch) | |
| tree | 29adfcd929a9bfd3fa33388e16bae97902abc13d /Doc/library | |
| parent | a14dda5df62369d01db6c7519e73aae71d0e7cfe (diff) | |
| download | cpython-3baee3b39765f5e8ec616b2b71b731b140486394.zip cpython-3baee3b39765f5e8ec616b2b71b731b140486394.tar.gz cpython-3baee3b39765f5e8ec616b2b71b731b140486394.tar.bz2 | |
bpo-34576 warn users on security for http.server (GH-9720)
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72e6a9c5b28b27c158f2f196217707dbb0f)
Co-authored-by: Felipe Rodrigues <felipe@felipevr.com>
Diffstat (limited to 'Doc/library')
| -rw-r--r-- | Doc/library/http.server.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst index b29020b..ab5d568 100644 --- a/Doc/library/http.server.rst +++ b/Doc/library/http.server.rst @@ -16,6 +16,14 @@ This module defines classes for implementing HTTP servers (Web servers). +Security Considerations +----------------------- + +http.server is meant for demo purposes and does not implement the stringent +security checks needed of real HTTP server. We do not recommend +using this module directly in production. + + One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass. It creates and listens at the HTTP socket, dispatching the requests to a handler. Code to create and run the server looks like this:: |