Title: http.server: Document explicitly that symbolic links are followed
Type: security
Stage:
Components: Documentation
Versions: Python 3.8
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To: docs@python
Nosy List: docs@python, vstinner
Priority: normal
Keywords:

Created on 2019-05-10 03:41 by vstinner, last changed 2019-05-10 03:41 by vstinner.

Messages (1)
msg342054 - Author: STINNER Victor (vstinner) (Python committer) Date: 2019-05-10 03:41
http.server documentation starts with a red warning:

"Warning: http.server is not recommended for production. It only implements basic security checks."

It would help to be even more explicit on what it means. For example, document that symbolic links are followed and that the SimpleHTTPRequestHandler directory can be "escaped" by following symbolic links.
Date                 User      Action  Args
2019-05-10 03:41:31  vstinner  create
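
A defensive check for the behaviour this report describes, added here as an example; it is not part of the original report or of http.server itself. It audits a directory for symbolic links that resolve outside it and refuses such requests in a handler subclass. The names `resolves_inside`, `escaping_symlinks`, `ContainedHandler` and `make_server` are hypothetical.

```python
import os
import sys
from functools import partial
from http import HTTPStatus
from http.server import HTTPServer, SimpleHTTPRequestHandler


def resolves_inside(root, path):
    """True if path, with every symlink resolved, is still under root."""
    root = os.path.realpath(root)
    try:
        return os.path.commonpath([root, os.path.realpath(path)]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def escaping_symlinks(root):
    """Audit helper: symlinks under root whose target lies outside it."""
    found = []
    # followlinks=False: linked directories are reported, not descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not resolves_inside(root, full):
                found.append(os.path.relpath(full, root))
    return sorted(found)


class ContainedHandler(SimpleHTTPRequestHandler):
    """Hypothetical subclass: 404 when a request resolves outside self.directory."""

    def send_head(self):
        target = self.translate_path(self.path)
        # send_head() also serves these index files for a directory request.
        paths = [target] + [os.path.join(target, i) for i in ("index.html", "index.htm")]
        # Check-then-open is racy if links can be created while serving.
        if not all(resolves_inside(self.directory, p) for p in paths):
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return None
        return super().send_head()


def make_server(directory, port=8000):
    return HTTPServer(("127.0.0.1", port), partial(ContainedHandler, directory=directory))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    print("symlinks leaving the served directory:", escaping_symlinks(root))
    make_server(root).serve_forever()
```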