On Wed, Feb 03, 1999 at 02:04:10PM -0500, Phillip J. Eby wrote: ,----- | At 01:41 PM 2/3/99 -0500, Kevin Dangoor wrote: | >On Wed, Feb 03, 1999 at 12:18:04PM -0500, Phillip J. Eby wrote: | >,----- | >| | >| Only if your shared hosting environment doesn't give every domain its own | >| Unix user ID and executes CGI's under that ID... :) | > | >Hmm... If the hosting company doesn't give you your own Unix uid, I don't | >think there's any way to prevent people from getting at your data... | | Oops, that was unclear. I meant to say that if your host gives you your | own ID, *and* executes CGI under that ID, then you have nothing else to do | except keep permissions straight. Ahh! That's ideal! Does someone out there set it up like that? | >But pcgi *is* the wrapper, right? pcgi starts up Zope when it isn't | running and then passes requests to it after that. So, if pcgi is running | setuid, the it will start up Zope under my uid as well. (I have tried this | already, and it works. Zope runs as my user id if I chmod u+s pcgi-wrapper.) | | True, but my understanding is that PCGI is moving away from being the | process management part of the system. This may be especially true if | there ends up being a PCGI handler in ZServer, or you're running ZServer on | a different machine than the web server. `----- I think the potential is great that there will be people out there who want to use Zope on a server they don't control... and it seems like PCGI is the most efficient way to do that. I think there will be many scenarios in which PCGI is not necessary (or even desirable). However, for people trying to serve up their web pages for $30/month (or whatever) PCGI seems like the best route... Kevin -- Kevin Dangoor kid@ans.net / 734-214-7349