[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

This is resolved. Thank you, all.

--
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:


New changeset 8be1c043a6d10d375f7a73c681cb2d7ec2f2d361 by Senthil Kumaran in 
branch '3.6':
[3.6] - bpo-34576 : Backport eeab510 3.6 (GH-10113)
https://github.com/python/cpython/commit/8be1c043a6d10d375f7a73c681cb2d7ec2f2d361


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:


New changeset bb1876acd815a05744cea4a7d4098231ef499e52 by Senthil Kumaran in 
branch '3.7':
[3.7]  bpo-34576 : Backport eeab510 (#10114)
https://github.com/python/cpython/commit/bb1876acd815a05744cea4a7d4098231ef499e52


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:


New changeset 971089fc2a09e4bcb872efac52c1b014af16fff9 by Senthil Kumaran in 
branch '2.7':
[2.7] bpo-34576 : Backport eeab510 2.7 (#10115)
https://github.com/python/cpython/commit/971089fc2a09e4bcb872efac52c1b014af16fff9


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

This should be it - 

https://github.com/python/cpython/pull/10116
https://github.com/python/cpython/pull/10114
https://github.com/python/cpython/pull/10113
https://github.com/python/cpython/pull/10115

Lets merge these simple PRs and close this issue.

--
resolution:  -> fixed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9449

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9448

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9446, 9447

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9446

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9445

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[STINNER Victor]

STINNER Victor  added the comment:

"http.server is meant for demo purposes and does not implement the stringent 
security checks needed of a real HTTP server. We do not recommend using this 
module directly in production."

I'm not sure about "demo" and "real" in this warning. I propose:

"http.server is not recommended for production: it only implements basic 
security checks."

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:


New changeset eeab510bb7e51802c18b3770cbb23ae0ca91da6b by Senthil Kumaran in 
branch 'master':
bpo-34576 - Fix the formatting for security considerations in http.server.rst 
(#10005)
https://github.com/python/cpython/commit/eeab510bb7e51802c18b3770cbb23ae0ca91da6b


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

Please approve this one - https://github.com/python/cpython/pull/10005 and I 
adopt the backports according the reverts.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

No problem, Ned. I will update it.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Ned Deily]

Ned Deily  added the comment:

Sorry, Senthil, I reverted the original PRs for 3.7.1 and 3.6.7 so you may need 
to redo your new PR.

--
priority: deferred blocker -> 

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Ned Deily]

Ned Deily  added the comment:


New changeset 32fe7b0188bb73c84c0bde80643b6a3bfd03ba93 by Ned Deily in branch 
'3.7':
bpo-34576: Revert doc change until it can be properly fixed (GH-9720)
https://github.com/python/cpython/commit/32fe7b0188bb73c84c0bde80643b6a3bfd03ba93


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Ned Deily]

Ned Deily  added the comment:


New changeset 92fe93e48a852d22ba33c0fa12112ae664724202 by Ned Deily in branch 
'3.6':
bpo-34576: Revert doc change until it can be properly fixed (GH-9720)
https://github.com/python/cpython/commit/92fe93e48a852d22ba33c0fa12112ae664724202


--
nosy: +ned.deily

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

Fixed it here - https://github.com/python/cpython/pull/10005
And tested the rendering too 
https://screenshots.firefox.com/9Wlq9v1Y7M4DZBsG/localhost

Upon review / approval, I will merge this. 

Thank you!

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
assignee:  -> orsenthil

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Change by Senthil Kumaran :


--
pull_requests: +9346

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Ned Deily]

Change by Ned Deily :


--
priority: normal -> deferred blocker

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:

@Victor - Surprising. Thanks for noticing this. I will fix it shortly.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[STINNER Victor]

STINNER Victor  added the comment:

The render is surprising: it looks like the full documentation is part of the § 
Security Considerations:

https://docs.python.org/dev/library/http.server.html#security-considerations

I suggest to add a new title for the rest of the documentation.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[miss-islington]

miss-islington  added the comment:


New changeset 57038bcb24407a46e6d278d0ab4b6ad25bbf by Miss Islington (bot) 
in branch '3.7':
bpo-34576 warn users on security for http.server (GH-9720)
https://github.com/python/cpython/commit/57038bcb24407a46e6d278d0ab4b6ad25bbf


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[miss-islington]

miss-islington  added the comment:


New changeset 3baee3b39765f5e8ec616b2b71b731b140486394 by Miss Islington (bot) 
in branch '3.6':
bpo-34576 warn users on security for http.server (GH-9720)
https://github.com/python/cpython/commit/3baee3b39765f5e8ec616b2b71b731b140486394


--
nosy: +miss-islington

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[miss-islington]

Change by miss-islington :


--
pull_requests: +9176

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[miss-islington]

Change by miss-islington :


--
pull_requests: +9178

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Senthil Kumaran]

Senthil Kumaran  added the comment:


New changeset 1d26c72e6a9c5b28b27c158f2f196217707dbb0f by Senthil Kumaran 
(Felipe Rodrigues) in branch 'master':
bpo-34576 warn users on security for http.server (#9720)
https://github.com/python/cpython/commit/1d26c72e6a9c5b28b27c158f2f196217707dbb0f


--
nosy: +orsenthil

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Felipe Rodrigues]

Change by Felipe Rodrigues :


--
keywords: +patch
pull_requests: +9103
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Martin Panter]

Martin Panter  added the comment:

FYI Senthil made an earlier suggestion for wording at 


--
nosy: +martin.panter

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Prashant Sharma]

Prashant Sharma  added the comment:

Should this change be done? If so, I would want to take up this issue.

--
nosy: +gutsytechster

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Felipe Rodrigues]

Felipe Rodrigues  added the comment:

Well, even if we do fix some security issues in SimpleHTTPServer, it doesn't 
change the fact that it shouldn't really be used for sensitive applications. I 
like how Django docs handles a similar issue regarding their development server 
(https://docs.djangoproject.com/en/2.1/ref/django-admin/#runserver)

> DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through 
> security audits or performance tests. (And that’s how it’s gonna stay. We’re 
> in the business of making Web frameworks, not Web servers, so improving this 
> server to be able to handle a production environment is outside the scope of 
> Django.)

I think that the same philosophy applies to SimpleHTTPServer. If the warning 
should be add to the docs, I'll be glad to issue an PR fixing it!

--
nosy: +fbidu

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[Benjamin Peterson]

Benjamin Peterson  added the comment:

There was some disagreement later on the list about adding this warning. We 
will fix security issues in SimpleHTTPServer.

--
nosy: +benjamin.peterson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34576] [EASY doc] http.server, SimpleHTTPServer: warn users on security

[STINNER Victor]

Change by STINNER Victor :


--
keywords: +easy
title: SimpleHTTPServer: warn users on security -> [EASY doc] http.server, 
SimpleHTTPServer: warn users on security

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com