Need a compelling argument to use Django instead of Rails

Damjan gdamjan at gmail.com
Wed Aug 9 01:49:26 EDT 2006


>> Yes, but your mod_python programs still run with the privileges of the
>> Apache process, as are all the other mod_python programs. This means that
>> my mod_python program can (at least) read files belonging to you -
>> including your config file holding your database password....
> 
> I think a standard solution to this is to
> associate each virtual host server to a
> different port and have the main apache
> redirect to the port.  Inetd makes sure
> that the vserver apache instance only
> stays alive while it's needed.  It might be
> complicated to set up, but it works.
> Again, something like this is probably
> advisable anyway to limit the ways one
> vserver can damage another generally
> speaking.

Starting a new Apache process with python included (through mod_python) is
even worse than CGI.

But it seems AppArmor supports securing mod_python (and mod_php and
mod_perl) with a special Apache module (and the AppArmor support in the
Linux kernel - yes this is Linux only).

http://developer.novell.com/wiki/index.php/Apparmor_FAQ#How_do_AppArmor_and_SELinux_compare_with_regard_to_webserver_protection.3F

Now that it's GPL, AppArmor seems to get a lot of supporters.

-- 
damjan
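
An added example, not part of the original thread: a small audit of the exposure described in the quoted text, modelling POSIX permission checks to list which tenants' settings files are readable by code running as the shared Apache user. The uid/gid 33, the tenant names and the paths are constructed assumptions.

```python
from collections import namedtuple

# One path component: owner uid, owner gid and permission bits (constructed values).
Node = namedtuple("Node", "path uid gid mode")

APACHE_UID, APACHE_GIDS = 33, {33}   # assumed uid/gid of the shared Apache process

def class_bits(node, uid, gids):
    """rwx bits that apply to uid: the first matching class wins (owner, group, other)."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_read(chain, uid, gids):
    """chain lists the directories leading to a file, with the file last.
    Reading needs search (x) on every directory and read (r) on the file.
    Root, ACLs and MAC policy such as AppArmor are not modelled."""
    *dirs, leaf = chain
    if not all(class_bits(d, uid, gids) & 1 for d in dirs):
        return False
    return bool(class_bits(leaf, uid, gids) & 4)

def exposed(files, uid=APACHE_UID, gids=APACHE_GIDS):
    """Paths of the files that code running as the given uid can read."""
    return [chain[-1].path for chain in files if can_read(chain, uid, gids)]

# Constructed layout: three tenants, each with a settings file holding a DB password.
FILES = [
    [Node("/home/alice", 1001, 1001, 0o711),          # world-readable file
     Node("/home/alice/settings.py", 1001, 1001, 0o644)],
    [Node("/home/bob", 1002, 33, 0o750),              # tightened to the Apache group only
     Node("/home/bob/settings.py", 1002, 33, 0o640)],
    [Node("/home/carol", 1003, 1003, 0o700),          # private, but Apache cannot load it
     Node("/home/carol/settings.py", 1003, 1003, 0o600)],
]

if __name__ == "__main__":
    for path in exposed(FILES):
        print("readable by every mod_python program:", path)
```

Restricting a file to the Apache group (bob) does not help, because every tenant's mod_python code runs with that same uid and gid; the only file that is not exposed (carol) is one the server itself cannot load.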


