[python-win32] IIS CGI installation
Robert Brewer
fumanchu at amor.org
Sat Jun 4 20:27:28 CEST 2005
Dan Fulbright wrote:
> I have found a lot of links to
> http://www.e-coli.net/pyiis_server.html,
> however, this page starts out with:
>
> "This is really very easy. It is also not a good idea for
> both security and performance reasons."
>
> What are the security and performance issues, and how can they be
> overcome? I am wanting to use Python for CGI on a shared Windows 2000
> Server with IIS, so security and performance are of utmost importance.
It's probably considered insecure because you are passing params (%s) to
python on the command line. Those "clever hackers" could find a way to
pass Nasty Things, like "del C:"
Performance will be intolerable, since each page request has to start
and stop the Python interpreter, which is not a quick process.
There are other ways of using Python with IIS, such as ISAPI + WSGI:
http://isapi-wsgi.python-hosting.com/
or ASP:
http://www.4guysfromrolla.com/webtech/082201-1.shtml
or (my preferred method) ASP + WSGI:
http://www.amorhq.net/blogs/index.php/fumanchu/2005/05/26/wsgi_gateway_f
or_asp_microsoft_iis
If you used the latter, you could use CherryPy and be on the cutting
edge of Python web development. :)
Robert Brewer
System Architect
Amor Ministries
fumanchu at amor.org
More information about the Python-win32
mailing list