ruby-changes:62704
From: Kenta <ko1@a...>
Date: Wed, 26 Aug 2020 14:28:26 +0900 (JST)
Subject: [ruby-changes:62704] 72cb9bc55f (master): [webrick][DOC] Describe the stance of WEBrick about its security and utilization (#3457)
https://git.ruby-lang.org/ruby.git/commit/?id=72cb9bc55f From 72cb9bc55f5f96ad6d04129cd997e53c5b0c3a83 Mon Sep 17 00:00:00 2001 From: Kenta Murata <mrkn@u...> Date: Wed, 26 Aug 2020 14:28:05 +0900 Subject: [webrick][DOC] Describe the stance of WEBrick about its security and utilization (#3457) WEBrick is not recommended for the production use. We need to explicitly describe this fact in the document to avoid troubles due to misunderstanding. diff --git a/lib/webrick.rb b/lib/webrick.rb index 1c0eb81..b854b68 100644 --- a/lib/webrick.rb +++ b/lib/webrick.rb @@ -15,6 +15,11 @@ https://github.com/ruby/ruby/blob/trunk/lib/webrick.rb#L15 # WEBrick also includes tools for daemonizing a process and starting a process # at a higher privilege level and dropping permissions. # +# == Security +# +# *Warning:* WEBrick is not recommended for production. It only implements +# basic security checks. +# # == Starting an HTTP server # # To create a new WEBrick::HTTPServer that will listen to connections on port @@ -139,9 +144,9 @@ https://github.com/ruby/ruby/blob/trunk/lib/webrick.rb#L144 # servers. See WEBrick::HTTPAuth, WEBrick::HTTPAuth::BasicAuth and # WEBrick::HTTPAuth::DigestAuth. # -# == WEBrick as a Production Web Server +# == WEBrick as a daemonized Web Server # -# WEBrick can be run as a production server for small loads. +# WEBrick can be run as a daemonized server for small loads. # # === Daemonizing # -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/