Need a compelling argument to use Django instead of Rails
Damjan
gdamjan at gmail.com
Sat Aug 5 11:50:13 EDT 2006
>> I didn't realize you could do shared hosting with mod_python, because
>> of the lack of security barriers between Python objects (i.e. someone
>> else's application could reach into yours). You really need a
>> separate interpreter per user.
>
> mod_python uses sub-interpreters - can be per virtual server, per
> directory etc, cf
> http://www.modpython.org/live/current/doc-html/dir-other-ipd.html
> http://www.modpython.org/live/current/doc-html/dir-other-ipdv.html

Yes, but your mod_python programs still run with the privileges of the
Apache process, as do all the other mod_python programs. This means that
my mod_python program can (at least) read files belonging to you -
including your config file holding your database password.

PHP solves this problem by using its safe mode and basedir restrictions.
Neither mod_python nor Python itself has this feature.

There are solutions for Apache that run each virtual host under a different
uid, but they have quirks:

Metux MPM
  http://www.metux.de/mpm/en/
mod_suid - for apache 1.3.x
  http://www.palsenberg.com/index.php/plain/projects/apache_1_xx_mod_suid
mod_suid2 - for apache 2.0.x
  http://bluecoara.net/item24/cat5.html
mod_ruid - seems to be an improvement of mod_suid2
  http://websupport.sk/~stanojr/projects/mod_ruid/

But I see mod_python more as a way to extend Apache itself, than for running
Python applications. A lot of the Apache mod_auth_* modules could be
replaced with mod_python scripts.

OTOH SCGI or FastCGI seem better suited for python web (WSGI) applications.

--
damjan
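
An added example, not part of the original post: an audit of which files a shared web server uid can read under a hosting root, using only POSIX owner/group/other mode bits. The function names, the two-tenant tree and the web server uid are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

def allowed(st, uid, gids, bits):
    """POSIX mode check: one class (owner/group/other) applies. Assumes no ACLs, non-root."""
    if st.st_uid == uid:
        return bool(st.st_mode & bits[0])
    if st.st_gid in gids:
        return bool(st.st_mode & bits[1])
    return bool(st.st_mode & bits[2])

def exposed_files(root, web_uid, web_gids):
    """Regular files under root that web_uid can read but does not own."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune directories the web server uid cannot search (no x bit).
        dirnames[:] = [d for d in dirnames if allowed(
            os.lstat(os.path.join(dirpath, d)), web_uid, web_gids, SEARCH)]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (stat.S_ISREG(st.st_mode) and st.st_uid != web_uid
                    and allowed(st, web_uid, web_gids, READ)):
                found.append(os.path.relpath(path, root))
    return sorted(found)

def demo(in_group=False):
    """Constructed two-tenant tree; the web uid is hypothetical (any uid but the owner's)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"alice": (0o755, {"settings.py": 0o644, "db.conf": 0o600,
                                    "shared.conf": 0o640}),
                  "bob": (0o700, {"settings.py": 0o644})}
        for tenant, (dmode, files) in layout.items():
            os.mkdir(os.path.join(root, tenant))
            for name, fmode in files.items():
                path = os.path.join(root, tenant, name)
                with open(path, "w") as f:
                    f.write("DB_PASSWORD = 'constructed-sample'\n")
                os.chmod(path, fmode)
            os.chmod(os.path.join(root, tenant), dmode)
        gid = os.lstat(os.path.join(root, "alice")).st_gid
        return exposed_files(root, os.getuid() + 1, {gid} if in_group else set())

if __name__ == "__main__":
    print(demo(), demo(in_group=True))
```

A file a tenant must keep private from the shared server uid stays out of the result only when its mode or a parent directory's mode excludes that uid, which is the gap the per-vhost uid modules listed above are meant to close.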