search

vsajip / pywebsocket

Automatically exported from code.google.com/p/pywebsocket
0 stars 0 forks source link

Security issues of CGIHTTPServer and CGIHTTPServer? #65

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The comments in standalone.py state that there are security issues with using 
it:
https://code.google.com/p/pywebsocket/source/browse/trunk/src/mod_pywebsocket/st
andalone.py

"SECURITY WARNING: This uses CGIHTTPServer and CGIHTTPServer is not secure.
It may execute arbitrary Python code or external programs. It should not be
used outside a firewall."

Why are these modules insecure? How can I run pywebsocket securely in a 
standalone way?

Regards,
Andreas

Original issue reported on code.google.com by andre...@pvv.ntnu.no on 3 Sep 2010 at 11:24

GoogleCodeExporter commented 9 years ago 
This is warning written in CGIHTTPServer.py in python.

Original comment by ukai@chromium.org on 6 Sep 2010 at 8:07