
classification
Title: http.server: Document explicitly that symbolic links are followed
Type: security
Stage:
Components: Documentation
Versions: Python 3.8

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To: docs@python
Nosy List: docs@python, vstinner
Priority: normal
Keywords:

Created on 2019-05-10 03:41 by vstinner, last changed 2022-04-11 14:59 by admin.

Messages (1)
msg342054 - Author: STINNER Victor (vstinner) (Python committer) Date: 2019-05-10 03:41
http.server documentation starts with a red warning:

"Warning: http.server is not recommended for production. It only implements basic security checks."

https://docs.python.org/dev/library/http.server.html

It would help to be even more explicit about what it means. For example, document that symbolic links are followed and that the SimpleHTTPRequestHandler directory can be "escaped" by following symbolic links.
History
Date | User | Action | Args
2022-04-11 14:59:15 | admin | set | github: 81054
2019-05-10 03:41:31 | vstinner | create |
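
The symbolic-link behaviour described in msg342054, next to one way to contain it, as an added example that is not part of the original issue or of CPython. `ContainedHandler`, `fetch_status` and `demo` are hypothetical names, the directory layout is constructed in a temporary directory, and the code assumes Python 3.7+ on a platform that permits `os.symlink`.

```python
import functools
import http.client
import http.server
import os
import tempfile
import threading


class ContainedHandler(http.server.SimpleHTTPRequestHandler):
    """Hypothetical subclass: 404 anything that resolves outside self.directory."""
    def _inside(self, path):
        root = os.path.realpath(self.directory)
        return os.path.commonpath([root, os.path.realpath(path)]) == root

    def send_head(self):
        path = self.translate_path(self.path)
        # Also check the index files the stock send_head() may open for a directory.
        names = ("", "index.html", "index.htm")
        if not all(self._inside(os.path.join(path, n)) for n in names):
            self.send_error(404, "File not found")
            return None
        return super().send_head()


def fetch_status(handler_cls, root, url_path):
    """Serve root on an ephemeral loopback port; return the HTTP status code."""
    handler = functools.partial(handler_cls, directory=root)
    with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        conn = http.client.HTTPConnection(*srv.server_address, timeout=5)
        try:
            conn.request("GET", url_path)
            return conn.getresponse().status
        finally:
            conn.close()
            srv.shutdown()


def demo():
    """Constructed layout: served/ok.txt and served/link -> ../outside.txt."""
    with tempfile.TemporaryDirectory() as tmp:
        served = os.path.join(tmp, "served")
        os.mkdir(served)
        for name in ("outside.txt", os.path.join("served", "ok.txt")):
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write("data\n")
        os.symlink(os.path.join(tmp, "outside.txt"), os.path.join(served, "link"))
        stock = http.server.SimpleHTTPRequestHandler
        return {(cls.__name__, p): fetch_status(cls, served, p)
                for cls in (stock, ContainedHandler) for p in ("/ok.txt", "/link")}
```

The check resolves the path before the stock handler opens it, so a link that is swapped between those two steps is not covered.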