Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security issues of CGIHTTPServer and CGIHTTPServer? #65

Closed
GoogleCodeExporter opened this Issue Aug 20, 2015 · 1 comment

Comments

Projects
None yet
1 participant
@GoogleCodeExporter
Copy link

GoogleCodeExporter commented Aug 20, 2015

The comments in standalone.py state that there are security issues with using 
it:
https://code.google.com/p/pywebsocket/source/browse/trunk/src/mod_pywebsocket/st
andalone.py

"SECURITY WARNING: This uses CGIHTTPServer and CGIHTTPServer is not secure.
It may execute arbitrary Python code or external programs. It should not be
used outside a firewall."

Why are these modules insecure? How can I run pywebsocket securely in a 
standalone way?

Regards,
Andreas

Original issue reported on code.google.com by andre...@pvv.ntnu.no on 3 Sep 2010 at 11:24

@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

GoogleCodeExporter commented Aug 20, 2015

This is warning written in CGIHTTPServer.py in python.

Original comment by ukai@chromium.org on 6 Sep 2010 at 8:07

  • Changed state: WontFix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.