[Web-SIG] WSGI, cgi.FieldStorage incompatibility
Jim Fulton
jim at zope.com
Thu Oct 26 13:14:15 CEST 2006
James Y Knight wrote:
> On Sep 29, 2006, at 3:31 PM, Guido van Rossum wrote:
>
>> On 9/29/06, Michael Kerrin <michael.kerrin at openapp.biz> wrote:
>>> But the current implementation of cgi.FieldStorage in the 2.4.4
>>> branch
>>> and on Python 2.5 does call readline with the size argument. It has
>>> started to do this in response to the Python bug #1112549 -
>>> cgi.FieldStorage memory usage can spike in line-oriented ops. See
>>> http://sourceforge.net/tracker/index.php?
>>> func=detail&aid=1112549&group_id=5470&atid=105470
>>>
>>> Since it is reasonable for a WSGI application to use
>>> cgi.FieldStorage
>>> I am wondering whether cgi.FieldStorage or the WSGI specification
>>> needs
>>> to changed in order to solve this incompatibility.
>>>
>>> Originally I thought it was cgi.FieldStorage that needs to be
>>> changed,
>>> and hence tried to fix it by wrapping the input stream so that the
>>> readline method always uses the read method on the input stream.
>>> While
>>> this seems to work for me it introduces a level of complexity in the
>>> cgi.py file, and possible some other bugs, that makes me think that
>>> adding the size argument for readline into the WSGI specification
>>> isn't
>>> such bad idea after all.
>> Since that change to cgi.py was a security fix I would strongly
>> recommend not to remove it and to change the WSGI spec instead.
>
> Given that this change is now part of python 2.4.4 and python 2.5, it
> seems to me it is now a defacto requirement that all WSGI server
> implementations must support readline with a size argument in order
> to run any interesting software, despite the spec explicitly saying
> that you shouldn't. I suspect simply modifying the spec to follow the
> current reality would be the least bad option.
Yes and updating the server implementations, of course, where necessary.
> But this kind of destabilizing breakage really shouldn't be allowed
> to happen again. Once the error was discovered, the cgi.py change
> should have been immediately reverted until either a decision was
> made to change the WSGI spec, or else the change fixed to not break
> WSGI compliant servers. This limbo situation is pretty bad.
Agreed.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Web-SIG
mailing list