Thanks to visit codestin.com
Credit goes to github.com

Skip to content

bpo-34576 warn users on security for http.server #9720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 11, 2018
Merged

bpo-34576 warn users on security for http.server #9720

merged 1 commit into from
Oct 11, 2018

Conversation

fbidu
Copy link
Contributor

@fbidu fbidu commented Oct 5, 2018
edited
Loading

It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil

I created a section called "Security Considerations" as recommended in Documenting Python
This needs to be backported to the Python 2 docs for SimpleHTTPServer but I'm not really sure how should I proceed to do that.

https://bugs.python.org/issue34576

@fbidu
bpo-34576 warn users on security for http.server
550560b 
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
@bedevere-bot bedevere-bot added docs Documentation in the Doc dir awaiting review labels Oct 5, 2018
augustogoulart
augustogoulart reviewed Oct 10, 2018
View reviewed changes
orsenthil
orsenthil approved these changes Oct 11, 2018
View reviewed changes
Copy link
Member

@orsenthil orsenthil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@orsenthil orsenthil merged commit 1d26c72 into python:master Oct 11, 2018
@bedevere-bot
Copy link

@orsenthil: Please replace # with GH- in the commit message next time. Thanks!

@miss-islington
Copy link
Contributor

Thanks @fbidu for the PR, and @orsenthil for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Thanks @fbidu for the PR, and @orsenthil for merging it 🌮🎉.. I'm working now to backport this PR to: 3.6.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 11, 2018
@fbidu @miss-islington
bpo-34576 warn users on security for http.server (pythonGH-9720)
fccf62b 
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72)

Co-authored-by: Felipe Rodrigues <[email protected]>
@bedevere-bot
Copy link

GH-9794 is a backport of this pull request to the 3.6 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 11, 2018
@fbidu @miss-islington
bpo-34576 warn users on security for http.server (pythonGH-9720)
7e587cb 
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72)

Co-authored-by: Felipe Rodrigues <[email protected]>
@bedevere-bot
Copy link

GH-9795 is a backport of this pull request to the 3.7 branch.

@fbidu
Copy link
Contributor Author

fbidu commented Oct 11, 2018

@orsenthil I made a small fix in the wording of the sentence, the commit did not appear here because of the merging... Is it possible to reopen it?

@orsenthil
Copy link
Member

@fbidu - what is the fix? I reviewed before the merge and found the current change ok.

@orsenthil
Copy link
Member

If anything significant, we will have bring it in as a separate patch.

miss-islington added a commit that referenced this pull request Oct 11, 2018
@miss-islington @fbidu
bpo-34576 warn users on security for http.server (GH-9720)
3baee3b 
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72)

Co-authored-by: Felipe Rodrigues <[email protected]>
miss-islington added a commit that referenced this pull request Oct 11, 2018
@miss-islington @fbidu
bpo-34576 warn users on security for http.server (GH-9720)
57038bc 
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72)

Co-authored-by: Felipe Rodrigues <[email protected]>
@fbidu
Copy link
Contributor Author

fbidu commented Oct 11, 2018

@orsenthil I changed "does not implement the stringent security checks needed of real HTTP server" to "does not implement the stringent security checks needed for a real HTTP server". I think 'need for' makes more sense

ned-deily added a commit to ned-deily/cpython that referenced this pull request Oct 20, 2018
@ned-deily
bpo-34576: Revert doc change until it can be properly fixed (pythonGH…
92fe93e 
…-9720)

This reverts commit 3baee3b.
ned-deily added a commit to ned-deily/cpython that referenced this pull request Oct 20, 2018
@ned-deily
bpo-34576: Revert doc change until it can be properly fixed (pythonGH…
32fe7b0 
…-9720)

This reverts commit 57038bc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@augustogoulart augustogoulart augustogoulart left review comments

@orsenthil orsenthil orsenthil approved these changes

Assignees
No one assigned
Labels
docs Documentation in the Doc dir skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@fbidu @bedevere-bot @miss-islington @orsenthil @augustogoulart @the-knights-who-say-ni