Felipe Rodrigues <fel...@felipevr.com> added the comment:

Well, even if we do fix some security issues in SimpleHTTPServer, it doesn't 
change the fact that it shouldn't really be used for sensitive applications. I 
like how Django docs handles a similar issue regarding their development server 
(https://docs.djangoproject.com/en/2.1/ref/django-admin/#runserver)

> DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through 
> security audits or performance tests. (And that’s how it’s gonna stay. We’re 
> in the business of making Web frameworks, not Web servers, so improving this 
> server to be able to handle a production environment is outside the scope of 
> Django.)

I think that the same philosophy applies to SimpleHTTPServer. If the warning 
should be add to the docs, I'll be glad to issue an PR fixing it!

----------
nosy: +fbidu

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34576>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to