[mod_python] mod python uses

Jorey Bump list at joreybump.com
Thu Jul 7 11:26:42 EDT 2005 

David Bear wrote:

> second, I want a fast way to run python code that would normaly run
> through cgi. 

Like any embedded interpreter, mod_python is significantly faster than CGI.

> finally, I'd also be interested in some comparisons between psp and
> php or asp... I'm attracted to zope becuase it attempts to separate
> code/content/presentation.. but putting code right in with the html is
> a very simple concept, and widely implemented. 

It's also the BASIC of the WWW, in that it serves as an entry point for 
novice developers that are familiar with HTML, but have little 
programming experience. Embedding code in HTML can also be very useful 
in leveraging the diverse talents of a team (designers can use familiar 
tools and programmers can include code, without stepping on each other's 
toes). I find that I'm much more productive if I abandon this paradigm 
entirely, however, and handle all of my content generation 
programatically.

> So I'm curious how psp
> compares to php et al in terms of performance, 'safety (security)',
> etc.
> 
> any input appreciated. I know these are rather vague questions.

I don't use PSP, mainly because it reminds me of PHP, ASP, etc. I now 
find the perl and PHP projects I maintain to be a chore, and woefully 
inadequate compared to python. But I also think python encourages 
developers to write concise and legible code in a way that's possible in 
  the other languages, but rarely implemented.

Common security principals apply to all web application languages, so I 
can't say that any of them are inherently more secure. I think the 
number of security fixes for mod_python are historically less than PHP, 
but that doesn't mean you can't write a completely insecure app for 
mod_python. In fact, it's quite easy when you get started, because you 
might not realize which objects are available to the client for 
inspection. But mod_python tends to stay out of your way, and I think 
that's a good thing, if you're up to the task.

I think the most important consideration here is one of administration. 
Once CGI is enabled, a user can maintain an app almost entirely with 
FTP. But with embedded interpreters, the onus shifts to the system 
administrator, who is likely to stick with a single configuration that 
may or may not be modified by the developer (via .htaccess, for 
example). Basic PHP apps usually run as expected, but the interpreter 
might not always have the desired compilation options. Still, most PHP 
applications can be made to be fairly portable.

In my experience, using mod_python almost certainly requires the 
developer to have administrative access to the web server. This is 
mainly due to the module import mechanism. Once a PHP page is edited, 
the changes occur immediately. Since mod_python takes advantage of 
python's module caching (which contributes to its performance) it is 
necessary to reload imported modules when they are edited. The easiest 
way to do this is to restart apache. Since this isn't practical in a 
production environment, attempts are being made to improve the import 
mechanism (google for "mod_python import mechanism" to get an idea of 
the issues involved). Of course, this all depends on the handler being 
used.

To sum up, mod_python requires more low level web server configuration 
than PHP or CGI, and probably requires a lot more cooperation between 
developers that share an interpreter. I'll continue to use it because I 
find it to be extremely productive, but usually only in situations where 
I'm the sole administrator, developer and designer.

More information about the Mod_python mailing list