classification
Title: http.server: Document explicitly that symbolic links are followed
Type: security
Stage:
Components: Documentation
Versions: Python 3.8

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To: docs@python
Nosy List: docs@python, vstinner
Priority: normal
Keywords:

Created on 2019-05-10 03:41 by vstinner, last changed 2019-05-10 03:41 by vstinner.

Messages (1)
msg342054 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-10 03:41
http.server documentation starts with a red warning:

"Warning: http.server is not recommended for production. It only implements basic security checks."

https://docs.python.org/dev/library/http.server.html

It would help to be even more explicit about what it means. For example, document that symbolic links are followed and that the SimpleHTTPRequestHandler directory can be "escaped" by following symbolic links.
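Added example, not part of the original issue or of CPython: one way to audit a directory before serving it with http.server, listing symbolic links that resolve outside it, plus a handler subclass that refuses such paths. The names `is_inside`, `find_escaping_symlinks`, `NoEscapeHandler` and `demo` are hypothetical, the sample tree is constructed, and `self.directory` assumes Python 3.7 or later.

```python
import os
import tempfile
from http.server import SimpleHTTPRequestHandler


def is_inside(root, path):
    """True if path, after resolving symlinks, is root or lies beneath it."""
    root = os.path.realpath(root)
    real = os.path.realpath(path)
    return os.path.commonpath([root, real]) == root


def find_escaping_symlinks(root):
    """Return sorted relative paths of symlinks under root that resolve outside it."""
    found = []
    # followlinks=False: report a link, do not descend through it.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not is_inside(root, full):
                found.append(os.path.relpath(full, root))
    return sorted(found)


class NoEscapeHandler(SimpleHTTPRequestHandler):
    """Hypothetical subclass: answer 404 when the resolved path leaves the served directory."""

    def send_head(self):
        if not is_inside(self.directory, self.translate_path(self.path)):
            self.send_error(404, "File not found")
            return None
        return super().send_head()


def demo():
    """Build a constructed tree with one internal and one external link."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www")
        outside = os.path.join(tmp, "private")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(outside)
        open(os.path.join(root, "index.html"), "w").close()
        os.symlink(os.path.join(root, "index.html"), os.path.join(root, "docs", "home.html"))
        os.symlink(outside, os.path.join(root, "docs", "leak"))
        return find_escaping_symlinks(root)


if __name__ == "__main__":
    print(demo())
```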
History
Date | User | Action | Args
2019-05-10 03:41:31 | vstinner | create |