Sambuca Embedded HTTP Framework - Security Advisory

Security Advisory Notice

Please note that the Sambuca Embedded HTTP Framework has NOT been designed or tested to function outside of a trusted network behind a firewall. Version 1.0 was designed and written with the assumption that it will ONLY run in the relatively secure, "trusted" environment of an enterprise LAN or WAN that is protected by firewalls, where hacking attempts are rarer than against servers exposed on the Internet or other public or untrusted networks. The next major version of the Framework will be more hardened against DoS and other common Internet attacks; however, all planned versions of the Sambuca Embedded HTTP Framework are USE-AT-YOUR-OWN-RISK.

By running a Sambuca Embedded HTTP Server implementation on your PC, server, or network, you potentially open your systems to hacks because, like all other servers, this framework opens a socket for listening and accepts incoming connections on the port of your choosing.

The supplied Demo class MUST NEVER be used on a public or otherwise unsecured network, since it allows users to browse or download from the supplied WWW ROOT directory (by default, the "wwwroot" directory within the installation directory of the Sambuca Embedded HTTP Framework) via the supplied listening port (default port is 8080). The supplied Demo classes should ONLY be used as a reference for developing your own implementations.



RogueLogic