Fredrik Lundh wrote:
are you trying to say that Django's static server doesn't filter the URL before adding it to the document root ?

Sure it doesn't. Mainly because there is no such thing as "Django static server". That view is just a debugging shortcut to let people develop a site when they can't run a separate HTTP server on their machine for some reason.

I cannot recall ever seeing a HTTP server that didn't attempt to handle this, and I've never heard of a static HTTP server developer that hasn't treated a failure to handle this as a critical security hole.

This is exactly what that "big fat warning" in the docs is about :-).

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to