authorChris McDonough <chrism@agendaless.com>2008-11-01 19:26:08 +0000
committerChris McDonough <chrism@agendaless.com>2008-11-01 19:26:08 +0000
commit65e110304147fa4c19d9c6cc29e0f289e1465b4b (patch)
tree354e0972c49e364a4e606a64558e3ea22056a8d3
parent4af9009e1765ea413465d477060b3d82f470562f (diff)
- Change default paster template generator to use ``Paste#http``
server rather than ``PasteScript#cherrypy`` server. The cherrypy server poses a security risk when ``REMOTE_USER`` is trusted by the downstream application.
-rw-r--r--CHANGES.txt7
-rw-r--r--docs/narr/MyProject/MyProject.ini4
-rw-r--r--docs/narr/project.rst4
-rw-r--r--docs/narr/startup.rst11
-rw-r--r--repoze/bfg/paster_template/+project+.ini_tmpl3
5 files changed, 16 insertions, 13 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index dcbe01bb3..d8a30aa4a 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,10 @@
+Next release
+
+ - Change default paster template generator to use ``Paste#http``
+ server rather than ``PasteScript#cherrpy`` server. The cherrypy
+ server has a security risk in it when ``REMOTE_USER`` is trusted
+ by the downstream application.
+
0.4.1 (10/28/2008)
Bug Fixes
diff --git a/docs/narr/MyProject/MyProject.ini b/docs/narr/MyProject/MyProject.ini
index f76323d50..c1ff50547 100644
--- a/docs/narr/MyProject/MyProject.ini
+++ b/docs/narr/MyProject/MyProject.ini
@@ -4,9 +4,9 @@ debug = true
[app:main]
use = egg:MyProject#app
reload_templates = true
+debug_authorization = false
[server:main]
-use = egg:PasteScript#cherrypy
+use = egg:Paste#http
host = 0.0.0.0
port = 6543
-numthreads = 4
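Review bot: The added `debug_authorization = false` line in `[app:main]` is not mentioned in the commit description and has no counterpart in the `+project+.ini_tmpl` hunk of this commit. As far as the visible hunks show, the documented sample now differs from what the generator actually writes. Either add the same line to the template or drop it here, so readers comparing a fresh project against the docs see the same settings. If it stays, a one-line comment such as `# set to true only while debugging ACL decisions` would explain why it is present.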
diff --git a/docs/narr/project.rst b/docs/narr/project.rst
index c7f53a4e5..c117d906a 100644
--- a/docs/narr/project.rst
+++ b/docs/narr/project.rst
@@ -309,8 +309,8 @@ changes will not require an application restart to be detected. See
The ``[server:main]`` section of the configuration file configures a
WSGI server which listens on port 6543. It is configured to listen on
-all interfaces (``0.0.0.0``), and is configured to use four threads
-for our application.
+all interfaces (``0.0.0.0``). The ``Paste#http`` server will create a
+new thread for each request.
.. note::
diff --git a/docs/narr/startup.rst b/docs/narr/startup.rst
index 17eb35d1e..b9391b273 100644
--- a/docs/narr/startup.rst
+++ b/docs/narr/startup.rst
@@ -156,13 +156,10 @@ press ``return`` after running ``paster serve MyProject.ini``.
another WSGI application".
#. PasteDeploy starts the WSGI *server* defined within the
- ``[server:main]`` section. In our case, this is the "CherryPy"
- server (``use = egg:PasteScript#cherrypy``), and it will listen on
- all interfaces (``host = 0.0.0.0``), on port number 6543 (``port =
- 6543``). It will serve up the application using 4 simultaneous
- threads (``numthreads = 4``), which means it will handle four
- simultaneous requests before needing to put a request in a wait
- queue. The server code itself is what prints ``serving on
+ ``[server:main]`` section. In our case, this is the ``Paste#http``
+ server (``use = egg:Paste#http``), and it will listen on all
+ interfaces (``host = 0.0.0.0``), on port number 6543 (``port =
+ 6543``). The server code itself is what prints ``serving on
0.0.0.0:6543 view at http://127.0.0.1:6543``. The server serves
the application, and the application is running, waiting to receive
requests.
diff --git a/repoze/bfg/paster_template/+project+.ini_tmpl b/repoze/bfg/paster_template/+project+.ini_tmpl
index 2d6c4d0a2..311a2514a 100644
--- a/repoze/bfg/paster_template/+project+.ini_tmpl
+++ b/repoze/bfg/paster_template/+project+.ini_tmpl
@@ -6,7 +6,6 @@ use = egg:{{project}}#app
reload_templates = true
[server:main]
-use = egg:PasteScript#cherrypy
+use = egg:Paste#http
host = 0.0.0.0
port = 6543
-numthreads = 4
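Review bot: The generated `[server:main]` still binds `host = 0.0.0.0`, so every new project listens on all interfaces by default while the development setting `reload_templates = true` sits in the same file. Since this commit already changes the server default for a security reason, the template could ship `host = 127.0.0.1` with a comment telling deployers to widen the bind address deliberately. A short comment above `use = egg:Paste#http`, for example `# Paste#http replaces PasteScript#cherrypy; see CHANGES.txt (REMOTE_USER handling)`, would also keep users from switching back without seeing the reason.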