
Facing the world with SimpleHTTPServer

Hola -

I'm curious about using SimpleHTTPServer as the web server on my home
machine. It would pretty much just be hit by me, search robots, and
automated attacks :)

So, before I ditch apache for the fun, all-python setup, are there any
security concerns about using SimpleHTTPServer?
Thanks for any advice/info,

Jed

Jul 18 '05 #1
Jed Parsons wrote:
> Hola -
>
> I'm curious about using SimpleHTTPServer as the web server on my home
> machine. It would pretty much just be hit by me, search robots, and
> automated attacks :)
>
> So, before I ditch apache for the fun, all-python setup, are there any
> security concerns about using SimpleHTTPServer?
> Thanks for any advice/info,
>
> Jed

Security concerns: I don't really know, but there is one nasty
problem with it: it reports an invalid content-length for text files.
(sourceforge patch 839496).

--Irmen
Jul 18 '05 #2
Jed Parsons wrote:
> So, before I ditch apache for the fun, all-python setup, are there any
> security concerns about using SimpleHTTPServer?
> Thanks for any advice/info,

I know it's open to denial of service attacks.

For example, if you give it a lot of headers, esp.
with long lines, then you can cause the server to
exhaust all memory. Eventually. Apache and the HTTP
protocol both have ways to limit the max header line
and the max number of headers received before giving
an error message.

If you're single threaded there's no timeout so
you can effectively make the machine freeze. If
you're multi-threaded you can instead make the process
run out of available descriptors.

Of course Apache has the last problem too, but it
does allow timeouts on the total request time, so
feed it a character a second and it will eventually
drop the request. I think.

Andrew
da***@dalkescientific.com
Jul 18 '05 #3
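The three limits raised in reply #3 (header count and size, a read timeout, and a cap on concurrent connections), as an added example that is not code from this thread. It uses Python 3's `http.server`, the successor to `SimpleHTTPServer`; the names `HardenedHandler`, `BoundedServer`, `exchange` and the limit values are assumptions chosen for illustration.

```python
import socket
import threading
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

MAX_HEADERS = 32         # assumed cap: header fields per request
MAX_HEADER_BYTES = 8192  # assumed cap: combined header names and values
MAX_CONNECTIONS = 64     # assumed cap: concurrent handler threads

class HardenedHandler(SimpleHTTPRequestHandler):
    # socketserver applies this with settimeout(): an idle limit per read
    timeout = 5
    def parse_request(self):
        if not super().parse_request():  # stdlib's own, looser limits
            return False
        fields = self.headers.items()
        size = sum(len(k) + len(v) for k, v in fields)
        if len(fields) > MAX_HEADERS or size > MAX_HEADER_BYTES:
            self.send_error(HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE)
            return False
        return True

class BoundedServer(ThreadingHTTPServer):
    slots = threading.BoundedSemaphore(MAX_CONNECTIONS)
    def process_request(self, request, client_address):
        if not self.slots.acquire(blocking=False):
            self.shutdown_request(request)  # over the cap: drop, no new thread
            return
        super().process_request(request, client_address)
    def process_request_thread(self, request, client_address):
        try:
            super().process_request_thread(request, client_address)
        finally:
            self.slots.release()

def exchange(raw):
    """Self-test: push raw bytes through the dispatch path over a socketpair (no port opened)."""
    server = BoundedServer(("127.0.0.1", 0), HardenedHandler, bind_and_activate=False)
    client, peer = socket.socketpair()
    reply = b""
    with server, client:
        client.sendall(raw)
        server.process_request(peer, ("127.0.0.1", 0))
        try:
            while chunk := client.recv(65536):
                reply += chunk
        except ConnectionResetError:
            pass  # server closed the socket with our bytes still unread
    return reply
```

To serve files, run `BoundedServer(("127.0.0.1", 8000), HardenedHandler).serve_forever()` (port 8000 is an assumption). The socket timeout only bounds each stalled read, so it does not by itself enforce the total-request-time limit the reply attributes to Apache.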
