From 65e110304147fa4c19d9c6cc29e0f289e1465b4b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sat, 1 Nov 2008 19:26:08 +0000 Subject: - Change default paster template generator to use ``Paste#http`` server rather than ``PasteScript#cherrpy`` server. The cherrypy server has a security risk in it when ``REMOTE_USER`` is trusted by the downstream application. --- CHANGES.txt | 7 +++++++ docs/narr/MyProject/MyProject.ini | 4 ++-- docs/narr/project.rst | 4 ++-- docs/narr/startup.rst | 11 ++++------- repoze/bfg/paster_template/+project+.ini_tmpl | 3 +-- 5 files changed, 16 insertions(+), 13 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index dcbe01bb3..d8a30aa4a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,10 @@ +Next release + + - Change default paster template generator to use ``Paste#http`` + server rather than ``PasteScript#cherrpy`` server. The cherrypy + server has a security risk in it when ``REMOTE_USER`` is trusted + by the downstream application. + 0.4.1 (10/28/2008) Bug Fixes diff --git a/docs/narr/MyProject/MyProject.ini b/docs/narr/MyProject/MyProject.ini index f76323d50..c1ff50547 100644 --- a/docs/narr/MyProject/MyProject.ini +++ b/docs/narr/MyProject/MyProject.ini @@ -4,9 +4,9 @@ debug = true [app:main] use = egg:MyProject#app reload_templates = true +debug_authorization = false [server:main] -use = egg:PasteScript#cherrypy +use = egg:Paste#http host = 0.0.0.0 port = 6543 -numthreads = 4 diff --git a/docs/narr/project.rst b/docs/narr/project.rst index c7f53a4e5..c117d906a 100644 --- a/docs/narr/project.rst +++ b/docs/narr/project.rst @@ -309,8 +309,8 @@ changes will not require an application restart to be detected. See The ``[server:main]`` section of the configuration file configures a WSGI server which listens on port 6543. It is configured to listen on -all interfaces (``0.0.0.0``), and is configured to use four threads -for our application. +all interfaces (``0.0.0.0``). The ``Paste#http`` server will create a +new thread for each request. .. note:: diff --git a/docs/narr/startup.rst b/docs/narr/startup.rst index 17eb35d1e..b9391b273 100644 --- a/docs/narr/startup.rst +++ b/docs/narr/startup.rst @@ -156,13 +156,10 @@ press ``return`` after running ``paster serve MyProject.ini``. another WSGI application". #. PasteDeploy starts the WSGI *server* defined within the - ``[server:main]`` section. In our case, this is the "CherryPy" - server (``use = egg:PasteScript#cherrypy``), and it will listen on - all interfaces (``host = 0.0.0.0``), on port number 6543 (``port = - 6543``). It will serve up the application using 4 simultaneous - threads (``numthreads = 4``), which means it will handle four - simultaneous requests before needing to put a request in a wait - queue. The server code itself is what prints ``serving on + ``[server:main]`` section. In our case, this is the ``Paste#http`` + server (``use = egg:Paste#http``), and it will listen on all + interfaces (``host = 0.0.0.0``), on port number 6543 (``port = + 6543``). The server code itself is what prints ``serving on 0.0.0.0:6543 view at http://127.0.0.1:6543``. The server serves the application, and the application is running, waiting to receive requests. diff --git a/repoze/bfg/paster_template/+project+.ini_tmpl b/repoze/bfg/paster_template/+project+.ini_tmpl index 2d6c4d0a2..311a2514a 100644 --- a/repoze/bfg/paster_template/+project+.ini_tmpl +++ b/repoze/bfg/paster_template/+project+.ini_tmpl @@ -6,7 +6,6 @@ use = egg:{{project}}#app reload_templates = true [server:main] -use = egg:PasteScript#cherrypy +use = egg:Paste#http host = 0.0.0.0 port = 6543 -numthreads = 4 -- cgit v1.2.3