Nothing can be considered secure unless it is designed and audited for security. We have done neither with the static file server. It may not have existing security holes, but it should not be considered secure because that's not a design goal.
For example, a secure file server would need to check for resource allocation problems so that serving a very large file didn't constitute a denial-of-service attack. That requires a lot of extra code and pipeline management which isn't worth putting into something that's just for development purposes.
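Of course. Why do you think they say that?
That's what Apache is for. Or nginx, or lighttpd, or any of a large number of other web servers.
Usually.
Django 1.3 does distinguish between uploaded and downloaded "media" and static files that are truly static.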
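I agree with S.Lott's answer, but when you question whether this is an insecure way to serve static files, is that really true?
I think it's necessary to explain why.
The answer to "Why serve static files from django is insecure" explains the reason. Quoted here: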