[Zope] hard-coded pcgi
Kevin Dangoor
kid@ans.net
Wed, 3 Feb 1999 14:50:57 -0500
On Wed, Feb 03, 1999 at 02:04:10PM -0500, Phillip J. Eby wrote:
,-----
| At 01:41 PM 2/3/99 -0500, Kevin Dangoor wrote:
| >On Wed, Feb 03, 1999 at 12:18:04PM -0500, Phillip J. Eby wrote:
| >,-----
| >|
| >| Only if your shared hosting environment doesn't give every domain its own
| >| Unix user ID and executes CGI's under that ID... :)
| >
| >Hmm... If the hosting company doesn't give you your own Unix uid, I don't
| >think there's any way to prevent people from getting at your data...
|
| Oops, that was unclear. I meant to say that if your host gives you your
| own ID, *and* executes CGI under that ID, then you have nothing else to do
| except keep permissions straight.
Ahh! That's ideal! Does someone out there set it up like that?
| >But pcgi *is* the wrapper, right? pcgi starts up Zope when it isn't
| running and then passes requests to it after that. So, if pcgi is running
| setuid, the it will start up Zope under my uid as well. (I have tried this
| already, and it works. Zope runs as my user id if I chmod u+s pcgi-wrapper.)
|
| True, but my understanding is that PCGI is moving away from being the
| process management part of the system. This may be especially true if
| there ends up being a PCGI handler in ZServer, or you're running ZServer on
| a different machine than the web server.
`-----
I think the potential is great that there will be people out there
who want to use Zope on a server they don't control... and it seems like
PCGI is the most efficient way to do that. I think there will be many
scenarios in which PCGI is not necessary (or even desirable). However,
for people trying to serve up their web pages for $30/month (or whatever)
PCGI seems like the best route...
Kevin
--
Kevin Dangoor
kid@ans.net / 734-214-7349