
Webapp servers & security

App servers such as quixote, webware and skunkweb (just to name a
few) offer a clean environment to develop Python webapps. I have some
problems, however, understanding their security model.
My objective is to host webapps from different people on a single
Linux server; because of that, I want to be sure that one webapp
cannot interfere with another.
My first attempt at privilege separation went through users & groups.
Unfortunately application servers execute all python code under the
same uid; that way webapp 'a' from Alice can easily overwrite files
from webapp 'b' owned by Bob.
chroot() jails are not an option since I'd need one new process for
each request and that would be the same as using plain old CGIs, all
performance penalties included.
rexec and Bastion are deprecated, so I can't enforce security using
the Python VM itself. That leaves me without anything to work on.

Did I miss anything?

Regards,
Anakim Border
Jul 18 '05 #1


[Anakim Border]
> App servers such as quixote, webware and skunkweb (just to name a
> few) offer a clean environment to develop Python webapps. I have some
> problems, however, understanding their security model.

Since they each have different security models, that's not surprising.
This is a difficult problem for people approaching python. Hopefully it
is the sort of problem that will be brought more under control when
WSGI* is in widespread use and authentication is controlled using WSGI
middleware.

*: http://www.python.org/peps/pep-0333.html

> My objective is to host webapps from different people on a single
> Linux server; because of that, I want to be sure that one webapp
> cannot interfere with another.
> My first attempt at privilege separation went through users & groups.

Using unix users and groups is the best way to attain total separation
between environments. Either that or put them on different
user-mode-linux* hosts.

*: http://usermodelinux.org/

> Unfortunately application servers execute all python code under the
> same uid; that way webapp 'a' from Alice can easily overwrite files
> from webapp 'b' owned by Bob.

Perhaps you could run multiple application servers? One per isolated
environment? Each of the above packages (quixote, etc) contains its own
standalone server, as well as the capability to integrate into other
server environments.

Use some form of proxy webserver in the front, which simply routes
requests to the relevant application server, based on URL, HTTP_HOST,
etc, etc.

Apache has a mod_proxy[1] designed specifically for this purpose. In
combination with mod_rewrite[2], that should give you fairly powerful
control over who gets to see which requests. You could probably roll
your solution fairly easily using one or more of the mod_python
Python*Handlers[3] and something like mod_scgi[4] or FastCGI[5].

1: http://httpd.apache.org/docs-2.0/mod/mod_proxy.html
2: http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html
3: http://www.modpython.org/live/curren...-handlers.html
4: http://www.mems-exchange.org/software/scgi/
5: http://www.fastcgi.com/mod_fastcgi/d...d_fastcgi.html

> Did I miss anything?


I am sure there are other approaches as well.

HTH,

--
alan kennedy
------------------------------------------------------
email alan: http://xhaus.com/contact/alan
Jul 18 '05 #2
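
The layout suggested in reply #2 (one long-lived app server per tenant, each under its own Unix uid, with a front proxy routing on the Host header), as an added Python example that is not part of the original thread. The host names, uids, ports and the `serve` callback are assumptions; `launch` must be started as root on Linux.

```python
import os
TENANTS = {  # constructed sample data: hypothetical hosts, uids and ports
    "alice.example.org": {"uid": 2001, "gid": 2001, "port": 8101},
    "bob.example.org": {"uid": 2002, "gid": 2002, "port": 8102},
}

def validate(tenants):
    """Raise ValueError for layouts that would defeat uid-based separation."""
    uids, ports = set(), set()
    for host, t in tenants.items():
        if t["uid"] == 0 or t["gid"] == 0:
            raise ValueError(f"{host}: backend must not run as root")
        if t["uid"] in uids:
            raise ValueError(f"{host}: uid {t['uid']} is shared with another tenant")
        if t["port"] in ports or t["port"] < 1024:
            raise ValueError(f"{host}: port {t['port']} is reused or privileged")
        uids.add(t["uid"])
        ports.add(t["port"])

def route(tenants, host_header):
    """Front-proxy decision: map a Host header to exactly one loopback backend."""
    t = tenants.get(host_header.split(":")[0].strip().lower().rstrip("."))
    return ("127.0.0.1", t["port"]) if t else None  # unknown host: no backend

def drop_privileges(uid, gid):
    """Become the tenant irreversibly; the order is groups, gid, then uid."""
    os.setgroups([])   # shed root's supplementary groups while still root
    os.setgid(gid)
    os.setuid(uid)     # after this call setgid/setgroups would be refused
    os.umask(0o077)    # files the app creates are readable by its owner only
    try:
        os.setuid(0)   # must fail, otherwise the drop did not stick
    except PermissionError:
        return
    raise RuntimeError("privilege drop was reversible")

def launch(tenants, serve):  # serve(port): the tenant's app server loop
    validate(tenants)
    pids = {}
    for host, t in tenants.items():
        pid = os.fork()
        if pid == 0:
            try:
                drop_privileges(t["uid"], t["gid"])
                serve(t["port"])
            finally:
                os._exit(1)  # a child never falls back into the parent's loop
        pids[host] = pid
    return pids
```

Each backend stays resident, so the per-request process cost the question raises for CGI does not apply; the file permissions of each tenant's directory still have to exclude the other uids.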

Anakim Border wrote:
> few) offer a clean environment to develop Python webapps. I have some
> problems, however, understanding their security model.
> Did I miss anything?


They don't have a security model. AFAIK only Zope has.

Istvan.
Jul 18 '05 #3
