Security issues of CGIHTTPServer and CGIHTTPServer? #65

Closed
GoogleCodeExporter opened this Issue Aug 20, 2015 · 1 comment

Comments

Projects
None yet
1 participant
The comments in standalone.py state that there are security issues with using 
it:
https://code.google.com/p/pywebsocket/source/browse/trunk/src/mod_pywebsocket/st
andalone.py

"SECURITY WARNING: This uses CGIHTTPServer and CGIHTTPServer is not secure.
It may execute arbitrary Python code or external programs. It should not be
used outside a firewall."

Why are these modules insecure? How can I run pywebsocket securely in a 
standalone way?

Regards,
Andreas

Original issue reported on code.google.com by andre...@pvv.ntnu.no on 3 Sep 2010 at 11:24

This is warning written in CGIHTTPServer.py in python.

Original comment by ukai@chromium.org on 6 Sep 2010 at 8:07

  • Changed state: WontFix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment