Dan Fulbright wrote: > I have found a lot of links to > http://www.e-coli.net/pyiis_server.html, > however, this page starts out with: > > "This is really very easy. It is also not a good idea for > both security and performance reasons." > > What are the security and performance issues, and how can they be > overcome? I am wanting to use Python for CGI on a shared Windows 2000 > Server with IIS, so security and performance are of utmost importance.
It's probably considered insecure because you are passing params (%s) to python on the command line. Those "clever hackers" could find a way to pass Nasty Things, like "del C:" Performance will be intolerable, since each page request has to start and stop the Python interpreter, which is not a quick process. There are other ways of using Python with IIS, such as ISAPI + WSGI: http://isapi-wsgi.python-hosting.com/ or ASP: http://www.4guysfromrolla.com/webtech/082201-1.shtml or (my preferred method) ASP + WSGI: http://www.amorhq.net/blogs/index.php/fumanchu/2005/05/26/wsgi_gateway_f or_asp_microsoft_iis If you used the latter, you could use CherryPy and be on the cutting edge of Python web development. :) Robert Brewer System Architect Amor Ministries [EMAIL PROTECTED] _______________________________________________ Python-win32 mailing list Python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32
