Webapp servers & security
Anakim Border
akborder at gmail.com
Tue Dec 7 13:23:40 EST 2004
App servers such as quixote, webware and skunkweb (just to name a
few) offer a clean environment to develop Python webapps. I have some
problems, however, understanding their security model.
My objective is to host webapps from different people on a single
Linux server; because of that, I want to be sure that one webapp
cannot interfere with another.
My first attempt at privilege separation went through users & groups.
Unfortunately application servers execute all python code under the
same uid; that way webapp 'a' from Alice can easily overwrite files
from webapp 'b' owned by Bob.
chroot() jails are not an option since I'd need one new process for
each request and that would be the same of using plain old CGIs, all
performance penalties included.
rexec and Bastion are deprecated, so I can't enforce security using
the Python VM itself. That leaves me without anything to work on.
Did I miss anything?
Regards,
Anakim Border
More information about the Python-list
mailing list