Embedding a restricted python interpreter

Craig Ringer craig at postnewspapers.com.au
Fri Jan 7 06:56:26 CET 2005


On Thu, 2005-01-06 at 23:40, Steve Holden wrote:
> Jp Calderone wrote:
> 
> [...]
> > 
> > 
> >   A Python sandbox would be useful, but the hosting provider's excuse
> > for not allowing you to use mod_python is completely bogus.  All the 
> > necessary security tools for that situation are provided by the 
> > platform in the form of process and user separation.
> 
> Not sure this is strictly true: mod_python gets loaded into the server's 
> address space and gives the ability to add any type of handler. While 
> Apache might well be able to respawn failed subprocesses, it's not 
> something that most hosting providers would like to have to do all the 
> time for many hosted sites.

I wonder if SCGI or a similar "persistent CGI" solution might be more
practical for running CGI scripts under specific user accounts.

--
Craig Ringer




More information about the Python-list mailing list