[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Flame bait - recommendations for web devlopment language?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Flame bait - recommendations for web devlopment language?
- From: pierre-yves_(_at_)_spootnik_(_dot_)_org
- Date: Fri, 16 Dec 2005 09:36:31 +0100 (CET)
> (It also looks like there's no mod_python in the source tree; I don't
> know why, but I never really used python so that's not surprising, but
> it might be an argument against python. There is a mod_perl, mod_ruby,
> and it might be supported via another port - but I don't see it in
> python. And the mod_*s are quite a bit faster than CGIs.)
> As an off-the-wall remark, FastCGI looks really nice, too. I'll try it
> sometime soon.
Having no mod_python is really no problem, see
http://www.openbsd.org/cgi-bin/cvsweb/ports/www/py-jonpy/ for an
alternative, basically everything you do with mod_* can (and often should)
be done with fastcgi.
The main advantage is security, because with fastcgi you can:
Run apache or another fastcgi compliant (i'm thinking lighttpd here)
Run your 'dynamic/data-driven/mvc/whatever' web application chrooted
elsewhere and as a different user.
Only share a socket either AF_UNIX or AF_INET between the two servers.
A break in the www servers is still totally unlikely, If the web
application is exploitable it will yield access to an unprivileged user in
the web application's chroot.
Another advantage with this approach is that some webservers (still
thinking lighttpd) support fastcgi load-balancing, so you can run your web
app on many machines.