PyAMF in production without "real" server

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

PyAMF in production without "real" server

Blank User
can I use pyamf in a production environment without apache, etc?  it's
running fine of my test server without it and i think i have overcome
the multi-threading issues i wrote about earlier.  is it safe and
secure to run if it's not behind apache?  i understand it might not be
recommended but why?  my use case is not typical.

thank you for the prompt reply to my earlier question.
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: PyAMF in production without "real" server

Nick Joyce
On 4 Aug 2010, at 14:58, Blank User wrote:

> can I use pyamf in a production environment without apache, etc?  it's
> running fine of my test server without it and i think i have overcome
> the multi-threading issues i wrote about earlier.  is it safe and
> secure to run if it's not behind apache?  i understand it might not be
> recommended but why?  my use case is not typical.
>
> thank you for the prompt reply to my earlier question.
> _______________________________________________
> PyAMF users mailing list - [hidden email]
> http://lists.pyamf.org/mailman/listinfo/users


PyAMF by itself does not provide an HTTP server, it requires an external framework to manage that for it.
In the examples we use Python's stdlib BaseHTTPServer [1] to run the examples, hence why they are only single threaded.

What PyAMF does is conform to the WSGI spec [1]. A lot of HTTP servers support this specification as can be seen at http://wsgi.org/wsgi/Servers . Each have their pros and cons, depending on your production environment and what you want to achieve.

Having said that Apache is a battle hardened HTTP server and you can get *a lot* of confidence from using it as the f/e for PyAMF services. What are your reasons for discounting it?

Cheers,

Nick

_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: PyAMF in production without "real" server

Blank User
In reply to this post by Blank User
Nick,

Apache is just too bloated and resource intensive -- it has all these
"features" that serve no function.  I re-wrote the hello world example
to be multi-threaded last night.  The server.py example with the
modifications does everything need  - i've also encapsulated all error
messages to not sent to client.  Is there any security issues with
using it in a production environment that the public has access to?  I
just don't see the point of having apache... it just eats up resources
for no benefit that I can see.

So let me rephrase the question:

Is there any security issues with just running server.py "naked" without apache?

Once again, thank you.
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: PyAMF in production without "real" server

David Wolever-4
On 4-Aug-10, at 9:30 AM, Blank User wrote:
> Is there any security issues with just running server.py "naked"  
> without apache?

Assuming that it's using `simple_server` from the `wsgiref` module, I  
have not heard of any security issues.

However, nobody at any point claims that wsgiref is a suitable  
production server, so it's not unlikely that you'll run into speed,  
stability or memory issues… So when stuff starts breaking under load,  
try a "real" server (like CherryPy's wsgiserver [0] or gunicorn [1]).

David

[0]: http://www.cherrypy.org/browser/trunk/cherrypy/wsgiserver/__init__.py
[1]: http://gunicorn.org/
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: PyAMF in production without "real" server

Jesse Warden-2
Citations as array indices == win.

On Wed, Aug 4, 2010 at 12:20 PM, David Wolever <[hidden email]> wrote:
On 4-Aug-10, at 9:30 AM, Blank User wrote:
Is there any security issues with just running server.py "naked" without apache?

Assuming that it's using `simple_server` from the `wsgiref` module, I have not heard of any security issues.

However, nobody at any point claims that wsgiref is a suitable production server, so it's not unlikely that you'll run into speed, stability or memory issues… So when stuff starts breaking under load, try a "real" server (like CherryPy's wsgiserver [0] or gunicorn [1]).

David

[0]: http://www.cherrypy.org/browser/trunk/cherrypy/wsgiserver/__init__.py
[1]: http://gunicorn.org/
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users


_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users