
server implementation should have rudimentary security :)

Open jamie-pate opened this issue 13 years ago • 3 comments

As I currently read server.py, this will write the file anywhere on the host machine? With the only security being that it's bound to localhost.

I have at least added a regex match on the path:

```python
if re.match('^/path/to/chroot/jail', fpath):
```

A password might be nice too, otherwise anyone could just write a web app that fishes for this server and starts writing stuff all over.

jamie-pate avatar Jul 10 '12 22:07 jamie-pate

Yep, didn't implement much security as this is a power tool for smart developers who should know what they run :) Ease of use over security.

However, security could be improved by

  1. run script as low privileged user "sudo lowuser python server.py"
  2. chroot the script
  3. check the path like you suggest

I have coded the last two mechanisms as optional in the upcoming 1.0.2 script.

tomimick avatar Jul 17 '12 17:07 tomimick
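A worked example of the path check discussed in this thread, added here and not taken from server.py or the project: a plain regex prefix match accepts `..` traversal and sibling directories that merely share the prefix, whereas resolving the path and comparing whole components does not. `JAIL_ROOT`, the function names and the sample paths are constructed for the example.

```python
import os
import re

# Constructed jail root for this example; the real server would use its own setting.
JAIL_ROOT = "/srv/myapp/static"


def regex_prefix_check(fpath: str) -> bool:
    """The bare prefix regex from the thread, kept only for comparison."""
    return re.match("^" + re.escape(JAIL_ROOT), fpath) is not None


def is_inside_jail(fpath: str, root: str = JAIL_ROOT) -> bool:
    """Return True only if fpath resolves to a location at or below root.

    realpath() collapses '..' segments and follows existing symlinks, and
    commonpath() compares whole path components, so both
    '/srv/myapp/static/../../etc/passwd' and '/srv/myapp/static2/x.css'
    are rejected even though they pass the prefix regex.
    """
    root_real = os.path.realpath(root)
    target = os.path.realpath(fpath)
    try:
        return os.path.commonpath([root_real, target]) == root_real
    except ValueError:
        # Raised when the paths cannot share a prefix (e.g. different drives).
        return False


def classify(paths):
    """Map each candidate path to (regex_accepts, resolved_check_accepts)."""
    return {p: (regex_prefix_check(p), is_inside_jail(p)) for p in paths}


if __name__ == "__main__":
    samples = [
        "/srv/myapp/static/app.css",                 # legitimate target
        "/srv/myapp/static/../../etc/passwd",        # traversal out of the jail
        "/srv/myapp/static2/app.css",                # sibling dir sharing the prefix
    ]
    for path, (regex_ok, real_ok) in classify(samples).items():
        print(f"{path}: regex={regex_ok} resolved={real_ok}")
```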

A simple key or password would probably be nice too. Path checking will prevent most fishing, but if the fisherman can guess your development path, they could poison your code with all sorts of exploits.

jamie-pate avatar Jul 17 '12 20:07 jamie-pate

I think password auth would be overkill for this tool, and I'm feeling too lazy to implement it now...

tomimick avatar Jul 22 '12 17:07 tomimick