Message 114269 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	orsenthil
Recipients	BreamoreBoy, aptshansen, kasplat, orsenthil, pboddie, ping
Date	2010-08-18.19:36:57
SpamBayes Score	1.4334765e-07
Marked as misclassified	No
Message-id	<1282160220.03.0.38020754608.issue672656@psf.upfronthosting.co.za>
In-reply-to

Content
As the pydoc server "advertises" that it is running from localhost in both CLI and GUI, it is best to bind the socket to 'localhost' instead of '' (which would bind it to all the interfaces). So, a simple fix for this issue, which will remove the security concern: host = 'localhost' - self.address = ('', port) + self.address = (host, port) If is to be run from user-defined interface with a new --host <interface> option, that it can be dealt with as new feature request. This issue can be considered fixed with commits r84173 and r84174.

As the pydoc server "advertises" that it is running from localhost in both CLI and GUI, it is best to bind the socket to 'localhost' instead of '' (which would bind it to all the interfaces).

So, a simple fix for this issue, which will remove the security concern:
             host = 'localhost'
-            self.address = ('', port)
+            self.address = (host, port)

If is to be run from user-defined interface with a new --host <interface> option, that it can be dealt with as new feature request.

This issue can be considered fixed with commits r84173 and r84174.

History
Date	User	Action	Args
2010-08-18 19:37:00	orsenthil	set	recipients: + orsenthil, ping, kasplat, pboddie, aptshansen, BreamoreBoy
2010-08-18 19:37:00	orsenthil	set	messageid: <1282160220.03.0.38020754608.issue672656@psf.upfronthosting.co.za>
2010-08-18 19:36:58	orsenthil	link	issue672656 messages
2010-08-18 19:36:57	orsenthil	create