
List:       python-list
Subject:    Re: Embedding a restricted python interpreter
From:       Gerhard Haering <gh () ghaering ! de>
Date:       2005-01-06 15:53:23
Message-ID: 20050106155323.GA11145 () mylene ! ghaering ! de

On Thu, Jan 06, 2005 at 07:32:25AM -0800, Paul Rubin wrote:
> Jp Calderone <exarkun@divmod.com> writes:
> >   A Python sandbox would be useful, but the hosting provider's excuse
> > for not allowing you to use mod_python is completely bogus.  All the 
> > necessary security tools for that situation are provided by the 
> > platform in the form of process and user separation.
> 
> But mod_python is an apache module and runs in the same apache process
> with other users' scripts.

Which is why it's a good idea for each customer to have its own system user
and their virtual hosts running under this uid. Which was the idea for the
perchild MPM for Apache 2 - which is abandoned now :-( muxmpm is a replacement
project in beta.

This really sucks when you use Apache2. I myself did make the switch some time
ago, then noticed that this (for me) important feature was missing. It now
works, somehow, but to make it work properly I'd need to either:

- go back to Apache 1.3.x, missing some nice improvements
- use different webservers per user, put them together with mod_proxy (yuck!)

-- Gerhard
