Embedding a restricted python interpreter
Craig Ringer
craig at postnewspapers.com.au
Fri Jan 7 00:56:26 EST 2005
On Thu, 2005-01-06 at 23:40, Steve Holden wrote:
> Jp Calderone wrote:
>
> [...]
> >
> >
> > A Python sandbox would be useful, but the hosting provider's excuse
> > for not allowing you to use mod_python is completely bogus. All the
> > necessary security tools for that situation are provided by the
> > platform in the form of process and user separation.
>
> Not sure this is strictly true: mod_python gets loaded into the server's
> address space and gives the ability to add any type of handler. While
> Apache might well be able to respawn failed subprocesses, it's not
> something that most hosting providers would like to have to do all the
> time for many hosted sites.
I wonder if SCGI or a similar "persistent CGI" solution might be more
practical for running CGI scripts under specific user accounts.
--
Craig Ringer
More information about the Python-list
mailing list