summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenta Murata <mrkn@users.noreply.github.com>2020-08-26 14:28:05 +0900
committerGitHub <noreply@github.com>2020-08-26 14:28:05 +0900
commit72cb9bc55f5f96ad6d04129cd997e53c5b0c3a83 (patch)
tree478e4ec7654c2011d5deda159e50f25ae5d6a3ff
parenta84a2e872f0b0f578eeeb192e79fe8bc10df6a8f (diff)
[webrick][DOC] Describe the stance of WEBrick about its security and utilization (#3457)
WEBrick is not recommended for the production use. We need to explicitly describe this fact in the document to avoid troubles due to misunderstanding.
Notes
Notes: Merged-By: mrkn <mrkn@ruby-lang.org>
-rw-r--r--lib/webrick.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/webrick.rb b/lib/webrick.rb
index 1c0eb81dbd8..b854b68db4a 100644
--- a/lib/webrick.rb
+++ b/lib/webrick.rb
@@ -15,6 +15,11 @@
# WEBrick also includes tools for daemonizing a process and starting a process
# at a higher privilege level and dropping permissions.
#
+# == Security
+#
+# *Warning:* WEBrick is not recommended for production. It only implements
+# basic security checks.
+#
# == Starting an HTTP server
#
# To create a new WEBrick::HTTPServer that will listen to connections on port
@@ -139,9 +144,9 @@
# servers. See WEBrick::HTTPAuth, WEBrick::HTTPAuth::BasicAuth and
# WEBrick::HTTPAuth::DigestAuth.
#
-# == WEBrick as a Production Web Server
+# == WEBrick as a daemonized Web Server
#
-# WEBrick can be run as a production server for small loads.
+# WEBrick can be run as a daemonized server for small loads.
#
# === Daemonizing
#