Web Hosting

Sheila King usenet at thinkspot.net
Thu Apr 24 02:43:35 EDT 2003


On Thu, 17 Apr 2003 09:51:56 GMT, Alex Martelli <aleax at aleax.it> wrote in
comp.lang.python in article <0Puna.38530$T34.1097507 at news2.tin.it>:

> Afanasiy wrote:
>    ...
> > I was under the impression mod_python was not safe for shared
> > environments. If this is true, I don't think you will find a
> 
> I'm not aware of such concerns; could you please provide an
> URL discussing the issue, or what gave you this impression?

I believe the concern is that, mod_python runs under the web server's user
ID, whatever that may be. Thus, in a shared environment, user1 running
mod_python and user2 also running mod_python will have the same file
permissions on files created or read by such processes.

This is why PHP has safe_mode.

There are ways around this problem, but they are not easily implemented. In
many cases, hosts run PHP with safe_mode off, and no other security
restrictions in place to protect clients files, not even realizing the
security holes they have in place on their server.



-- 
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org/




More information about the Python-list mailing list