[Zope] Re: Best Practice for Apache 2.0, Zope and SSL

Jamie Heilman jamie at audible.transient.net
Mon Sep 22 16:17:21 EDT 2003


Elena Schulz wrote:
> Hi Jamie,
> 
> [1] It is the prefered way, because it is the most performant.  It is
>     not the most secure, but you said you wanted performance.
> 
> What would you state as the most secure setting?

Probably using mod_pcgi2 with PCGIServer, but this combination falls
over when hit with "real" traffic.  It is also something of a pain to
configure properly if you want to serve static content from apache out
of a path thats nested deep within the zope allotted namespace.  (You
have to use "SetHandler none" in a Location directive.) Additionally,
because mod_pcgi2 relies on Apache's handler semantics there are some
other nasty gotcha's surrounding the DocumentRoot of a domain you want
to relegate entirely to Zope-land.

While I advocate secure practices in all avenues of computing, there's
a point with Zope where the associated costs are simply too much to
bear.  PCGI and its associated code just isn't maintained anymore, and
the performance problems kill any hopes of serious use.  The FastCGI
code appears to suffer from the same problems.  For these reasons
using the gateway HTTP server model is pretty much the only reasonable
choice, despite its flaws.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/



More information about the Zope mailing list