Matt Sergeant wrote:
>
> On Wed, 27 Sep 2000, Matthew Byng-Maddick wrote:
>
> > > We all have to do our part to evangelize mod_perl more. I think ISPs are
> > > really key here as I think I may have mentioned before. If you get the ISPs
>
> Actually I think the people we need to get involved are the web site
> builders - the larger companies offering dynamic web content creation. We
> also need some more mainstream tools, the oft-requested "Zope-a-like" in
> Perl. And it needs to be trivial to install (I'm not sure how likely that
> is to be yet).
Hum - most commercial companies that I know in London (few I know),
either use ASP (the M$ version) or PHP. The best solution for them is
often not what is technically the best, but the compromise of staff cost
/ availability, and hence development cost. e.g. I have a few friends
whom work in ASP shops whom know little about the web in terms of
cookies, sessions, headers, but they all know how to set a session in
ASP, and hence get the job done. Their employers get the job done, at a
lower cost (IMHO ASP programmers are paid less than perl ones). The
fact that they often get stuck when trying to do something a little out
of the ordinary does not appear to matter much!
As for a "Zope-a-like" or similar, I agree that there are few mod_perl
applications out there, and judging by the number of PHP apps on
freshmeat there's allot of competition. A (or many) flagship
application(s) would help evangelise mod_perl allot.
On the easy to install front, I think that's due to programmer being
lazy. I know there are issues, but making a module install using h2xs
stuff is easy (both for programmer and end user). Supplying example
httpd.conf files is also easy - it just takes time.
> > > advertise support for mod_perl? How many without charging like US$100 more
> > > a month on top of the normal account fees?
> >
> > This is difficult, due to the security issues. If you have client cgi, you
> > can always use something like suEXEC or even something as complex as userv
> > to run your cgi scripts. With mod_perl, the plugged in scripts can do
> > anything that the webserver can, and you can (by writing a module that
> > doesn't compile) break the entire webserver.
> >
> > > PHP comes with a lot of ISP accounts for free with no extra cost. Java does
> > > not yet, but I've started seeing ISPs starting to support Java in the low
> > > end shared server accounts...
> >
> > Wow. I'm surprised, for the security reasons I've outlined above. But then
> > I don't know much about PHP, really.
>
> PHP can runs as a normal CGI, using suExec. So it's like advertising Perl
> support.
>
> What would help mod_perl is a working sandboxing system, based on Safe and
> SafeHole. I've advocated that idea before, but still don't have the time
> to go and build it. With that sort of system, and ISP could easily trap or
> prevent whatever they need to, and we could work with them to build up
> secure proffessional installations.
>
> However, I'm honestly not sure if the whole of mod_perl is "right" for the
> majority of small fee ISP's. What the ISP's need is perhaps one of the
> mod_perl modules, like Mason, Embperl or AxKit, or something like
> that. Rather than letting users write PerlInitHandlers! Unfortunately I
> have no idea how you might secure one of these modules, even though one is
> my own.
Because mod_perl is so far entrenched into apache it is difficult to
sandbox it. I've looked at running it for a hosting service and it was
less than easy, nor eligant to allow users access to mod_perl.
I agree with Matt's last point that mod_perl may not be
right for the mainstream "free ISP's". After all with performance comes
power, and in an ISP's world do you want your webserver going wild due
to a badly written bit of perl ?
mod_perl is ideal for single use servers that host one application,
tailor made for that client (as in customer not http). IMHO mod_perl
cannot be beaten on performance or flexibilty in this scenario.
Should we not promote mod_perl as a web platform for the 'cognisenti'.
After all, all the 'best' things are usually not the most popular, but
most people know they are the best. Perhaps this last bit is where the
mod_perl 'marketing machine' is failing.
just by 2 pence worth.
Greg Cope
>
> --
> <Matt/>
>
> Fastnet Software Ltd. High Performance Web Specialists
> Providing mod_perl, XML, Sybase and Oracle solutions
> Email for training and consultancy availability.
> http://sergeant.org | AxKit: http://axkit.org
