On Tue, Nov 25, 2003 at 09:35:48AM -0000, Bas Scheffers wrote:
> The point I am making is this: AOLserver is as fast as it is because it
> re-uses the interpreter in each of the threads for every request. You
> simply can not do this if you want multiple untrusted users running in
> the same server, whether you change the UID the interpreter executes
How do you know any of that? Are you sure?
> the page as each time or not. I could overwrite your "update_password
> {user password}" procedure so that it, as a bonus, now also sends me
> that password via email. Or worse.
> So the only solution is to either not re-use the interpreter, like PHP
> does, and take the performance hit, or have a pool of interpreters that
I suspect that re-initializing a Tcl interpreter to a known state
probably isn't nearly as impossible to do efficiently as you seem to
think. (Which is kind of interesting, so perhaps some guru will
comment further.)
Safe-Tcl or something like it might be relevant there.
Basically, you're making a lot of awfully sweeping software design and
performance assertions here. I wouldn't be that surprised if you
happen to be correct, but I wouldn't be that surprised if you happen
to be completely wrong either. My main point here is I don't see what
information or background you're using to justify those sweeping
statements. Despite the way you've presented them, they sound like
speculative guesses to me, not known true facts.
> Somebody more intimate with the inner workings of AOLserver and/or
> Apache 2.0 and PHP, please correct me if I am wrong!
--
Andrew Piskorski <[EMAIL PROTECTED]>
http://www.piskorski.com/
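
Added example, not part of the original message and not AOLserver code: a plain tclsh sketch of the two points discussed above, a reused interpreter keeping a redefined procedure versus a fresh Safe-Tcl interpreter per request with the trusted procedure exposed only as an alias. The name run_page, the page scripts and the stand-in update_password body are constructed for illustration; no AOLserver API is used.

```tcl
# Constructed stand-in for the trusted procedure; it lives in the master only.
proc update_password {user password} { return "stored password for $user" }

# Run one untrusted page in a fresh safe interpreter, then discard it.
# (run_page is a hypothetical helper, not an AOLserver command.)
proc run_page {script} {
    set i [interp create -safe]
    # The slave sees only an alias; the real body stays in the master.
    interp alias $i update_password {} update_password
    set rc [catch {interp eval $i $script} result]
    interp delete $i
    return [list $rc $result]
}

# Page 1 (constructed) redefines update_password inside its own interpreter.
run_page {
    proc update_password {user password} { return "tampered" }
}

# Page 2 (constructed) runs afterwards in a new interpreter and still
# reaches the trusted procedure through the alias.
puts "fresh interp : [run_page {update_password bob s3cret}]"

# Safe interpreters hide commands such as exec, open and socket,
# so this page fails with an error instead of running a program.
puts "hidden cmd   : [run_page {exec id}]"

# Contrast: one interpreter reused across requests keeps the redefinition.
set shared [interp create -safe]
interp alias $shared update_password {} update_password
interp eval $shared {proc update_password {user password} { return "tampered" }}
puts "reused interp: [interp eval $shared {update_password bob s3cret}]"
interp delete $shared

# Rough per-request cost of create + alias + eval + delete on this machine.
puts "cost         : [time {run_page {update_password bob x}} 1000]"
```

The last line gives a measured figure for the re-initialization cost on the machine it runs on; a real server would also have to load its library procedures into each new interpreter, which this sketch does not model.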