Promoting Python as web application development language

Steve Holden sholden at holdenweb.com
Wed Aug 28 13:25:36 EDT 2002


"Paul Rubin" <phr-n2002b at NOSPAMnightsong.com> wrote in message
news:7xhehkd95h.fsf at ruckus.brouhaha.com...
> list-python at ccraig.org (Christopher A. Craig) writes:
> > Regardless, I think plain vanilla Python is a terrific language for
> > moderately sized web based projects (maybe even large ones, but I've
> > never done a really large one).  It's not that hard to write your own
> > templates, and the cgi module provides an excellent interface to any
> > CGI data you might need.
>
Plus the fact that even without big infrastructure you can put some pretty
neat and yet still scalable solutions together around Xitami. You can even
write your servers in pure Python, which can help in structuring better
interactions (or can lead to the same tired old HTML cruft we've been seeing
for years now ;-)

> You can't really do a big site with CGI's.  The forking overhead will
> kill you.  You need mod_python or FastCGI or some other scheme.
>
CGI is certainly quite an overhead, although of course Apache 2 has bitten
the bullet and moved to a thread-based architecture, which will ease
problems somewhat. Not really familiar with the likely performance impact,
I must confess.

> > I do agree, however, that the pickle/cookie problem is quite
> > substantial, and that Python needs some easy way to embed complex
> > objects safely in cookies to be a first class web language, though.
>
> You really need to encrypt and authenticate anything you serialize
> into cookies, so you don't leak info about the server state or let
> people mess with it.  However, I'm not convinced storing complex
> objects in cookies is such a great idea in the first place.  It makes
> stuff like load balancing simpler, but you're limited in how much data
> you can put in them.  I'd say bite the bullet and come up with a
> server side session mechanism including any persistence and sharing
> required.  Finally, about scalability, computers are awfully fast
> these days.  If you really need load balancing, maybe your software is
> just too slow and you should fix it instead of trying to throw more
> hardware at it.

Cookies are just a way to let your browser locate information for the
server, and should therefore be either a) database keys, or b) *really*
small. If you want to access user-private data you store it local to the web
server (which does not necessarily mean on the same host) and use the cookie
content as a key. State is shared by the use of a shared (relational or
otherwise) store. If you are practising anything that might be referred to
as "secure" in any meaningful way you are running your web traffic secured
by https:, and hence opaque to snoopers. Anything less is inherently
vulnerable.

regards
-----------------------------------------------------------------------
Steve Holden                                  http://www.holdenweb.com/
Python Web Programming                        pydish.holdenweb.com/pwp/
Previous .sig file retired to                    www.homeforoldsigs.com
-----------------------------------------------------------------------
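
Added example, not part of the original post: a sketch of the "cookie content as a key" design described above, where the cookie carries only an unguessable random identifier and the user data stays in a server-side store. The names SessionStore, COOKIE_NAME and SESSION_TTL are hypothetical, and the in-memory dict stands in for the shared store.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # assumed idle timeout, in seconds
COOKIE_NAME = "sid"  # hypothetical cookie name


class SessionStore:
    """In-memory stand-in for the shared (relational or other) store."""

    def __init__(self):
        self._rows = {}  # session id -> (expiry time, data dict)

    def create(self, data, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 random bits: a key, not data
        self._rows[sid] = (now + SESSION_TTL, dict(data))
        return sid

    def load(self, sid, now=None):
        now = time.time() if now is None else now
        row = self._rows.get(sid)
        if row is None:
            return None  # unknown or forged key: nothing to deserialize
        expiry, data = row
        if now >= expiry:
            del self._rows[sid]  # expired sessions are dropped on access
            return None
        return data


def set_cookie_header(sid):
    """Build the Set-Cookie value; Secure restricts it to https."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["secure"] = True
    cookie[COOKIE_NAME]["httponly"] = True
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def session_from_header(store, cookie_header, now=None):
    """Look up session data from a request's Cookie header value."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get(COOKIE_NAME)
    return store.load(morsel.value, now) if morsel else None
```

Because the server never unpickles or otherwise parses cookie contents, a modified cookie can at worst fail the lookup.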