list at joreybump.com
Thu Dec 15 23:13:40 EST 2005
Roberto Sanchez wrote:
> Graham Dumpleton wrote:
>
>>
>> So we know exactly where you are coming from, what do you understand
>> as being the "problems encountered by using mod_python on a shared
>> machine"?
>>
> I was under the impression that there was the possibility of
> "cross-pollution" by having different users' python scripts running under
> a single apache instance.

Yes, that's true. But it's more of a risk when a team of developers share a virtual host. Each virtual host gets its own interpreter, so in a typical shared hosting situation (one developer per virtual host), a single apache instance is capable of providing enough separation to prevent namespace collisions with other mod_python users.

> For example, from the Apache security tips:
>
> "Embedded scripting options which run as part of the server itself, such
> as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of
> the server itself (see the User directive), and therefore scripts
> executed by these engines potentially can access anything the server
> user can. Some scripting engines may provide restrictions, but it is
> better to be safe and assume not."

And this is still true. Running your own apache instance addresses this point.

>> There are indeed some issues, some of which can be partly resolved, but
>> would be good to know specifically which ones you are thinking of.
>>
>> Graham
>>
>
> Basically, I am concerned by what I read in these two threads:
>
> http://www.modpython.org/pipermail/mod_python/2005-February/017297.html
> http://www.modpython.org/pipermail/mod_python/2004-February/015059.html

Some work has gone into addressing the way published modules are imported, to reduce or eliminate common namespace collisions. Besides that, most of the topics discussed in those threads still apply. It's difficult to develop mod_python applications without some sort of administrative control over apache.

Are you trying to find a way to make mod_python available to joeuser in a typical commercial web hosting environment, or to a team developing applications on a single company web server?