Senthil Kumaran <[email protected]> added the comment:
As the pydoc server "advertises" that it is running from localhost in both CLI
and GUI, it is best to bind the socket to 'localhost' instead of '' (which
would bind it to all the interfaces).
So, a simple fix for this issue, which will remove the security concern:
host = 'localhost'
- self.address = ('', port)
+ self.address = (host, port)
If is to be run from user-defined interface with a new --host <interface>
option, that it can be dealt with as new feature request.
This issue can be considered fixed with commits r84173 and r84174.
----------
nosy: +orsenthil
resolution: -> fixed
stage: unit test needed -> committed/rejected
status: open -> closed
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue672656>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
