[mod_python] Configuring mod_python via reverse proxy

Jorey Bump list at joreybump.com
Thu Dec 15 23:13:40 EST 2005

Roberto Sanchez wrote:
> Graham Dumpleton wrote:
>> So we know exactly where you are coming from, what do you understand
>> as being the "problems encountered by using mod_python on a shared
>> machine"?
> I was under the impression that there was the possibility of 
> "cross-polution" by having different users' python scripts running under 
> a single apache instance.

Yes, that's true. But it's more of a risk when a team of developers 
share a virtual host. Each virtual host gets its own interpreter, so in 
a typical shared hosting situation (one developer per virtual host), a 
single apache instance is capable of providing enough separation to 
prevent namespace collisions with other mod_python users.

> For example, from the Apache security tips:
> "Embedded scripting options which run as part of the server itself, such 
> as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of 
> the server itself (see the User directive), and therefore scripts 
> executed by these engines potentially can access anything the server 
> user can. Some scripting engines may provide restrictions, but it is 
> better to be safe and assume not."

And this is still true. Running your own apache instance addresses this 

>> There are indeed some issues, some of which can be partly resolved, but
>> would be good to know specifically which ones you are thinking of.
>> Graham
> Basically, I am concerned by what I read in these two threads:
> http://www.modpython.org/pipermail/mod_python/2005-February/017297.html
> http://www.modpython.org/pipermail/mod_python/2004-February/015059.html

Some work has gone into addressing the way published modules are 
imported, to reduce or eliminate common namespace collisions. Besides 
that, most of the topics discussed in those threads still apply.

It's difficult to develop mod_python applications without some sort of 
adminstrative control over apache. Are you trying to find a way to make 
mod_python available to joeuser in a typical commercial web hosting 
environment, or to a team developing applications on a single company 
web server?

More information about the Mod_python mailing list