Python3 and http!

Python, a versatile and widely-used programming language, has proven its worth across various domains, from web development and data analysis to artificial intelligence and automation.

The command

python3 -m http.server

is an interesting one I’ve been thinking about and using of late.

This one little cli command can make all files accessible in the directory that the command is executed in… I checked it as an admin and standard user and sure enough you can share any data in any directory you have access to!

This opens up some significant security vulnerabilities. Since the server allows public access to the files in the directory where it is executed, there is a risk of exposing sensitive information inadvertently. Attackers can exploit this vulnerability to gain unauthorised access to confidential data or sensitive configuration files. This should never be used on a production server!

With great power also comes great responsibility…. I think all young programmers and developers should watch the Oppenheimer movie!