bpo-34576 warn users on security for http.server (#9720)

It was proposed to add an warning for http.server regarding security issues. The wording was provided at bpo-26005 by @orsenthil
author: Felipe Rodrigues <felipe@felipevr.com> 2018-10-11 02:43:40 (GMT)
committer: Senthil Kumaran <skumaran@gatech.edu> 2018-10-11 02:43:40 (GMT)
commit: 1d26c72e6a9c5b28b27c158f2f196217707dbb0f (patch)
tree: f10fc1f8c238514f4d94e720b9fff67b785578a9 /Doc
parent: a6b3ec5b6d4f6387820fccc570eea08b9615620d (diff)
download: cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.zip
cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.tar.gz
cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index 0bd7f77..0b93c62 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -16,6 +16,14 @@
 
 This module defines classes for implementing HTTP servers (Web servers).
 
+Security Considerations
+-----------------------
+
+http.server is meant for demo purposes and does not implement the stringent
+security checks needed of real HTTP server. We do not recommend
+using this module directly in production.
+
+
 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
 handler.  Code to create and run the server looks like this::
author	Felipe Rodrigues <felipe@felipevr.com>	2018-10-11 02:43:40 (GMT)
committer	Senthil Kumaran <skumaran@gatech.edu>	2018-10-11 02:43:40 (GMT)
commit	1d26c72e6a9c5b28b27c158f2f196217707dbb0f (patch)
tree	f10fc1f8c238514f4d94e720b9fff67b785578a9 /Doc
parent	a6b3ec5b6d4f6387820fccc570eea08b9615620d (diff)
download	cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.zip cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.tar.gz cpython-1d26c72e6a9c5b28b27c158f2f196217707dbb0f.tar.bz2