[webrick][DOC] Describe the stance of WEBrick about its security and utilization (#3457)

WEBrick is not recommended for the production use. We need to explicitly describe this fact in the document to avoid troubles due to misunderstanding.
Merged-By: mrkn <mrkn@ruby-lang.org>
2022-11-09 12:17:21 -05:00 · 2020-08-26 14:28:05 +09:00 · 2020-08-26 14:28:05 +09:00 · 72cb9bc55f · 2020-08-26 14:28:30 +09:00
commit 72cb9bc55f
parent a84a2e872f
1 changed files with 7 additions and 2 deletions
--- a/lib/webrick.rb
+++ b/lib/webrick.rb
@ -15,6 +15,11 @@
 # WEBrick also includes tools for daemonizing a process and starting a process
 # at a higher privilege level and dropping permissions.
 #
+# == Security
+#
+# *Warning:* WEBrick is not recommended for production.  It only implements
+# basic security checks.
+#
 # == Starting an HTTP server
 #
 # To create a new WEBrick::HTTPServer that will listen to connections on port
@ -139,9 +144,9 @@
 # servers.  See WEBrick::HTTPAuth, WEBrick::HTTPAuth::BasicAuth and
 # WEBrick::HTTPAuth::DigestAuth.
 #
-# == WEBrick as a Production Web Server
+# == WEBrick as a daemonized Web Server
 #
-# WEBrick can be run as a production server for small loads.
+# WEBrick can be run as a daemonized server for small loads.
 #
 # === Daemonizing
 #