Web Hosting
Sheila King
usenet at thinkspot.net
Thu Apr 24 02:43:35 EDT 2003
On Thu, 17 Apr 2003 09:51:56 GMT, Alex Martelli <aleax at aleax.it> wrote in
comp.lang.python in article <0Puna.38530$T34.1097507 at news2.tin.it>:
> Afanasiy wrote:
> ...
> > I was under the impression mod_python was not safe for shared
> > environments. If this is true, I don't think you will find a
>
> I'm not aware of such concerns; could you please provide an
> URL discussing the issue, or what gave you this impression?
I believe the concern is that, mod_python runs under the web server's user
ID, whatever that may be. Thus, in a shared environment, user1 running
mod_python and user2 also running mod_python will have the same file
permissions on files created or read by such processes.
This is why PHP has safe_mode.
There are ways around this problem, but they are not easily implemented. In
many cases, hosts run PHP with safe_mode off, and no other security
restrictions in place to protect clients files, not even realizing the
security holes they have in place on their server.
--
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org/
More information about the Python-list
mailing list