Facing the world with SimpleHTTPServer

Hola -

I'm curious about using SimpleHTTPServer as the web server on my home
machine. It would pretty much just be hit by me, search robots, and
automated attacks :)

So, before I ditch apache for the fun, all-python setup, are there any
security concerns about using SimpleHTTPServer?
Thanks for any advice/info,

Jed

Jul 18 '05 #1
Jed Parsons wrote:
> Hola -
>
> I'm curious about using SimpleHTTPServer as the web server on my home
> machine. It would pretty much just be hit by me, search robots, and
> automated attacks :)
>
> So, before I ditch apache for the fun, all-python setup, are there any
> security concerns about using SimpleHTTPServer?
> Thanks for any advice/info,
>
> Jed


Security concerns: I don't really know, but there is one nasty
problem with it: it reports an invalid content-length for text files.
(sourceforge patch 839496).

--Irmen
Jul 18 '05 #2
Jed Parsons wrote:
> So, before I ditch apache for the fun, all-python setup, are there any
> security concerns about using SimpleHTTPServer?
> Thanks for any advice/info,


I know it's open to denial of service attacks.

For example, if you give it a lot of headers, esp.
with long lines, then you can cause the server to
exhaust all memory. Eventually. Apache and the HTTP
protocol both have ways to limit the max header line
and the max number of headers received before giving
an error message.

If you're single threaded there's no timeout so
you can effectively make the machine freeze. If
you're multi-threaded you can instead make the process
run out of available descriptors.

Of course Apache has the last problem too, but it
does allow timeouts on the total request time so
feeding it a character a second and it will eventually
drop the request. I think.

Andrew
da***@dalkescientific.com
Jul 18 '05 #3
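The limits described in reply #3 (maximum header line length, maximum header count, and a time budget for the whole request head), sketched as an added Python 3 example that is not code from the thread or from the standard library. The names `read_headers` and `verdict` and the three limit values are assumptions chosen for illustration.

```python
import io
import time

MAX_LINE = 8192     # assumed cap on one header line, in bytes
MAX_HEADERS = 100   # assumed cap on the number of header lines
MAX_SECONDS = 10.0  # assumed time budget for the whole header block


class HeaderLimitError(Exception):
    """Carries the HTTP status to answer with before closing."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def read_headers(rfile, clock=time.monotonic):
    """Read header lines up to the blank line, enforcing all three limits.

    On a real socket, also set a per-read socket timeout; otherwise a
    stalled peer blocks readline() and the deadline is never checked.
    """
    deadline = clock() + MAX_SECONDS
    headers = []
    while True:
        # readline(n) returns at most n bytes, so a line cannot grow unbounded.
        line = rfile.readline(MAX_LINE + 1)
        if clock() > deadline:
            raise HeaderLimitError(408, "header block took too long")
        if len(line) > MAX_LINE:
            raise HeaderLimitError(431, "header line too long")
        if not line:
            raise HeaderLimitError(400, "connection closed mid-headers")
        if line in (b"\r\n", b"\n"):
            return headers
        if len(headers) >= MAX_HEADERS:
            raise HeaderLimitError(431, "too many header lines")
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep:
            raise HeaderLimitError(400, "malformed header line")
        headers.append((name.strip(), value.strip()))


def verdict(raw, clock=time.monotonic):
    """Run read_headers over constructed bytes; return 200 or the error status."""
    try:
        read_headers(io.BytesIO(raw), clock)
        return 200
    except HeaderLimitError as exc:
        return exc.status
```

The deadline covers the whole header block rather than each read, which is the difference between a per-read timeout and the total request timeout mentioned for Apache.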
