bpo-34576 warn users on security for http.server (#9720)

author Felipe Rodrigues <felipe@felipevr.com>

Thu, 11 Oct 2018 02:43:40 +0000 (23:43 -0300)

committer Senthil Kumaran <skumaran@gatech.edu>

Thu, 11 Oct 2018 02:43:40 +0000 (19:43 -0700)
author Felipe Rodrigues <felipe@felipevr.com>
Thu, 11 Oct 2018 02:43:40 +0000 (23:43 -0300)
committer Senthil Kumaran <skumaran@gatech.edu>
Thu, 11 Oct 2018 02:43:40 +0000 (19:43 -0700)
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst

index 0bd7f778cec0cf14bc14b1bbc4cc86565e47197a..0b93c62288b189df9db0f48ce002d6adfee03504 100644 (file)
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -16,6 +16,14 @@
  
  This module defines classes for implementing HTTP servers (Web servers).
  
+Security Considerations
+-----------------------
+
+http.server is meant for demo purposes and does not implement the stringent
+security checks needed of real HTTP server. We do not recommend
+using this module directly in production.
+
+
  One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
  It creates and listens at the HTTP socket, dispatching the requests to a
  handler.  Code to create and run the server looks like this::
author	Felipe Rodrigues <felipe@felipevr.com>
	Thu, 11 Oct 2018 02:43:40 +0000 (23:43 -0300)
committer	Senthil Kumaran <skumaran@gatech.edu>
	Thu, 11 Oct 2018 02:43:40 +0000 (19:43 -0700)