擅长:python、mysql、java
<p>同意S.Lott的回答,但是当你质疑这是一种不安全的静态文件服务方式时,这是真的吗?</em></p>
<p>我想有必要解释一下为什么。在</p>
<p><a href="https://groups.google.com/forum/#!msg/django-users/Tbj_AhMo4Ak/U4ZvCvOVAxsJ" rel="nofollow">The answer of <em>Why serve static files from django is insecure</em></a>解释了原因。此处引用:</p>
<blockquote>
<p>Nothing can be considered secure unless it is designed and audited for security. We have done neither with the static file server. It may not have existing security holes, but it should not be considered secure because that's not a design goal.</p>
<p>For example, a secure file server would need to check for resource allocation problems so that serving a very large file didn't constitute a denial-of-service attack. That requires a lot of extra code and pipeline management which isn't worth putting into something that's just for development purposes.</p>
</blockquote>