Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpo-42988: Improve pydoc web server security #24285

Closed
wants to merge 8 commits into from

Conversation

Fidget-Spinner
Copy link
Member

@Fidget-Spinner Fidget-Spinner commented Jan 21, 2021

  • Remove html_getfile.
  • Use locally generated secret to prevent other users from accessing a running web server.

EDIT: Honestly I'm not sure if we need to remove html_getfile now that there's a token to validate the user.

https://bugs.python.org/issue42988

Lib/pydoc.py Outdated Show resolved Hide resolved
@Fidget-Spinner Fidget-Spinner changed the title bpo-42988: Remove html_getfile operation from pydoc due to security concerns bpo-42988: Improve pydoc web server security Jan 22, 2021
@github-actions
Copy link

github-actions bot commented Feb 26, 2021

This PR is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale Stale PR or inactive for long period of time. label Feb 26, 2021
Lib/pydoc.py Outdated Show resolved Hide resolved
@vstinner
Copy link
Member

vstinner commented Mar 29, 2021

I merged PR #25015 fix instead.

@vstinner vstinner closed this Mar 29, 2021
@Fidget-Spinner Fidget-Spinner deleted the pydoc-getfile branch May 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
awaiting review stale Stale PR or inactive for long period of time.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants