This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author orsenthil
Recipients Richard Clifford, brett.cannon, ethan.furman, martin.panter, orsenthil, vstinner
Date 2016-01-05.05:30:13
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1451971814.3.0.153998845446.issue26005@psf.upfronthosting.co.za>
In-reply-to
Content 
SimpleHTTPServer is never meant to be used in production.

I was of the understanding that we already inform users about it in the documentation, but I do not find any such note. Only in wsgiref's simple_server.py example, we state that in the module header
https://hg.python.org/cpython/file/tip/Lib/wsgiref/simple_server.py#l1

For SimpleHTTPServer, we could add a similar warning in docs.

"SimpleHTTPServer is meant for demo purposes and does not implement the stringent security checks needed of real HTTP server. We do not recommend using this module directly in production."

If an alternate wording is desired, please suggest in that in comments.
History
Date User Action Args
2016-01-05 05:30:14orsenthilsetrecipients: + orsenthil, brett.cannon, vstinner, ethan.furman, martin.panter, Richard Clifford
2016-01-05 05:30:14orsenthilsetmessageid: <1451971814.3.0.153998845446.issue26005@psf.upfronthosting.co.za>
2016-01-05 05:30:14orsenthillinkissue26005 messages
2016-01-05 05:30:14orsenthilcreate