On Feb 12, 2006, at 6:39 AM, Alan Kennedy wrote:

> So, I still think that only basic servers educational/playpen servers
> should go in the standard library, with an indication that the user
> should pick an openly server from outside the distro if they
> require to do serious server work.

I agree 100%.

> Maybe if there were no "production-ready" servers in the standard
> library, there would be no need for a "Python Security Response Team".

As an example, it's currently possible to perform denial of service on any framework/server that uses the cgi.FieldStorage module. See http://sourceforge.net/tracker/?func=detail&aid=1112549&group_id=5470&atid=105470 . That module probably doesn't belong in the stdlib in the first place, but it's in there, and now things depend on it.

In the meantime, this patch *really* should have been applied by now but hasn't been. If anyone has checkin access, or can help me poke the appropriate person, it would help... this was reported to the SRT at the time.

- C