Velocity Reviews


Shane Hathaway 07-10-2003 03:36 PM

Re: Securing PyDoc and CGIHTTPserver
 
Jon Schull wrote:
> The port number used by pydoc is currently set by the user at the
> command line. Many people probably use the example given in the
> python module documentation : "python -p 1234" However, if the port
> were chosen at random and printed out, then only pydoc and the user
> would know how to access the pydoc server.


What about binding only to the local (loopback) interface? That way,
the system won't even listen for external connections. It's like a
built-in firewall.

The change is a one-liner. The DocServer computes the hostname for the
loopback interface but then binds to all interfaces. So change this line:

self.address = ('', port)

to:

self.address = (host, port)

Shane



Shane Hathaway 07-11-2003 05:05 PM

Re: Securing PyDoc and CGIHTTPserver
 
Irmen de Jong wrote:
> Shane Hathaway wrote:
>
>> What about binding only to the local (loopback) interface? That way,
>> the system won't even listen for external connections. It's like a
>> built-in firewall.
>>
>> The change is a one-liner. The DocServer computes the hostname for
>> the loopback interface but then binds to all interfaces. So change
>> this line:
>>
>> self.address = ('', port)
>>
>> to:
>>
>> self.address = (host, port)
>>
>
> I think Shane meant:
>
> self.address = ('localhost',port)


No, actually the 'host' variable is computed on the line before it. :-)
It's either "127.0.0.1" or "localhost", depending on the platform.
"localhost" is preferable for readability, but "127.0.0.1" is more reliable.

Shane
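The binding difference discussed in this thread, as an added example that is not part of the original posts or of pydoc's source: it binds a standard-library `HTTPServer` to the wildcard address and to `127.0.0.1`, then checks which address the listening socket actually got. The helper names (`bind`, `bound_to_loopback`, `resolves_only_to_loopback`, `audit`) are hypothetical, and port 0 is used so the OS picks a free port.

```python
import ipaddress
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer


def bind(host, port=0):
    """Bind (without serving) an HTTP server; port 0 lets the OS pick a free port."""
    return HTTPServer((host, port), BaseHTTPRequestHandler)


def bound_to_loopback(server):
    """True only if the listening socket is bound to a loopback address."""
    addr = server.socket.getsockname()[0]
    return ipaddress.ip_address(addr).is_loopback


def resolves_only_to_loopback(name):
    """Check every address a name resolves to; 'localhost' depends on the
    local resolver configuration, while a literal 127.0.0.1 does not."""
    infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
    return all(ipaddress.ip_address(info[4][0]).is_loopback for info in infos)


def audit(host):
    """Return (bound address, loopback-only?) for a server bound to `host`."""
    server = bind(host)
    try:
        return server.socket.getsockname()[0], bound_to_loopback(server)
    finally:
        server.server_close()


if __name__ == "__main__":
    # '' is the wildcard bind from the original line; '127.0.0.1' is the fix.
    for host in ("", "127.0.0.1"):
        print(repr(host), "->", audit(host))
    print("localhost resolves only to loopback:",
          resolves_only_to_loopback("localhost"))
```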



