Graham Dumpleton
graham.dumpleton at gmail.com
Tue Jun 12 21:55:15 EDT 2007
On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> On 6/13/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> > > Why use PSP handlers? It makes it more complicated than just writing
> > > handlers yourself, not to mention it's more secure depending on where
> > > you put the .py files?
> >
> > Why do you think one is more secure than any other?
> >
> > Why do you even think that mod_python itself is secure?
> >
> > Yes I know people may see this as a troll, but I ask it as a genuine
> > question to try and gauge how people (mis)perceive how secure
> > mod_python is.
>
> Also forgot the word faster than PSP, actually it's more like waaaaay faster :)
>
> By secure I mean a PSP file that is accessible by an internet user like
> an HTML file is less secure than a handler which only a root user can
> have access to.

That a handler source code file wouldn't be exposed due to a
configuration mistake would only be true if it is outside of the
document tree. It is possible to put handler code files in the
document tree and sometimes this is quite convenient as it means you
can utilise Apache's URL dispatch for various things rather than
writing a slower one of your own in Python code.

Also, handler source code files wouldn't necessarily only be readable
as root, as Apache child processes shouldn't be run as root, but as a
separate user. Thus that user has to be able to read the handler
source code files and all directories down to them or Apache can't work.
Thus, they must all be group owned by the Apache user or made readable to
others. Thus, things other than root will be able to read them one way or
the other.

Graham
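
Added example, not part of the original post: a small Python check of the two points in the reply above, namely whether a handler source file sits inside the document tree, and whether the Apache user (and everyone else) can reach and read it through every directory down to it. The function name, the `top` parameter and the uid/gid arguments are assumptions made for illustration; ACLs and root are ignored.

```python
import os
import stat


def _class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) the kernel applies to uid/gids for this inode."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7      # owner bits
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group bits
    return st.st_mode & 7                 # "other" bits


def audit_handler(handler, docroot, uid, gids, top="/"):
    """Report exposure of a handler source file.

    handler: path to the .py / .psp file
    docroot: Apache document tree
    uid, gids: identity of the Apache child processes (assumed values)
    top: directory where the permission walk starts (hypothetical parameter)
    """
    handler = os.path.realpath(handler)
    docroot = os.path.realpath(docroot)
    top = os.path.realpath(top)

    # Inside the document tree: a configuration mistake could serve the source.
    in_tree = os.path.commonpath([handler, docroot]) == docroot

    # Build the chain of directories from top down to the file.
    chain = [top]
    for part in os.path.relpath(handler, top).split(os.sep)[:-1]:
        chain.append(os.path.join(chain[-1], part))

    apache_ok = other_ok = True
    for path in chain + [handler]:
        st = os.stat(path)
        # Directories need search (x = 1); the file itself needs read (r = 4).
        need = 1 if stat.S_ISDIR(st.st_mode) else 4
        apache_ok &= bool(_class_bits(st, uid, gids) & need)
        other_ok &= bool(st.st_mode & need)

    return {
        "in_document_tree": in_tree,
        "readable_by_apache": apache_ok,
        "readable_by_others": other_ok,
    }
```

A handler that Apache can load always reports `readable_by_apache` as true, so the useful findings are `in_document_tree` and `readable_by_others`.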