Is Python suitable for a huge, enterprise size app?
Dave Brueck
dave at pythonapocrypha.com
Fri May 20 17:07:05 EDT 2005
Paul Rubin wrote:
> Dave Brueck <dave at pythonapocrypha.com> writes:
>
>>One thing from your experience that did resonate with me is that,
>>except for ftplib and occasionally urllib (for basic, one-shot GETs),
>>we don't use any of the standard library's "protocol" modules - partly
>>because we had to implement our own HTTP libraries for performance and
>>scalability reasons anyway, and partly because we had trouble figuring
>>out e.g. all the ins and outs of urllib/urllib2/httplib.
>
>
> What do you use for HTTPS?
Hi Paul,
m2crypto (plus some patches to make asynchronous SSL do what we needed).
> And did you use the Cookie module in your
> HTTP servers? You may have had problems without even being aware of
> them (until recently if you used Cookie with its default settings, any
> attacker could completely take over your server by sending you
> carefully concoted cookies).
Are you referring to the use of pickle for cookie serialization? In any case, we
didn't use Cookie.py from the stdlib (on the servers, nearly everything related
to URLs & HTTP was custom-built, with the exception of urlparse, for the
aforemenioned reasons).
-Dave
More information about the Python-list
mailing list