diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index d54bd05cddded83d3abe43137dc8a2ff6df95ee8..0ba509181acd1305dec9780b6e10dab0cba9c1db 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -20,7 +20,7 @@ This module defines classes for implementing HTTP servers (Web servers).
 .. warning::
 
     :mod:`http.server` is not recommended for production. It only implements
-    basic security checks.
+    :ref:`basic security checks <http.server-security>`.
 
 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
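Review bot: The link text on the added line in the warning, "basic security checks", promises a description of the checks the module performs, but the target section added later in this patch only documents a limitation (symlink following) and lists no checks. Either have the target section state which checks are implemented, or reword the link so it matches the target, for example "See :ref:`Security Considerations <http.server-security>`." as a separate sentence after "basic security checks."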
@@ -477,3 +477,14 @@ the following command uses a specific directory::
 the ``--cgi`` option::
 
         python -m http.server --cgi 8000
+
+.. _http.server-security:
+
+Security Considerations
+-----------------------
+
+.. index:: pair: http.server; security
+
+:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
+requests, this makes it possible for files outside of the specified directory
+to be served.
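Review bot: The new paragraph under "Security Considerations" names the risk but gives the reader nothing to act on, and "requests, this makes it possible" is a comma splice. Suggest splitting it into two sentences ("... when handling requests. This makes it possible for files outside of the specified directory to be served.") and adding a sentence of guidance, such as checking the served tree for symbolic links that point outside it before starting the server. It would also help to say what "the specified directory" refers to (the current working directory by default, or the directory passed to the handler or on the command line), since this section sits well away from the text that introduces that option.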