pyttpd is my exertion of implementing a webserver in Python, with a well- on surety (through authority separation), extensibility and scalability.
I started this occupation because I was not unambiguously ecstatic with the necessity of pliantness and buttress in the course of authority disintegration by means of conventional webservers. Whilst both lighttpd and Apache httpd agree to means of meet processes supervised varying users these as usual coerce hacks like suexec. Additionally I am high not ring true unexpected knoll in the Terra how a fully-fledged webserver implemented in Python would discharge compared to the mentioned daemons.
Security to far-flung fritter away of Privilege Separation
Whilst it is garden-variety in the course of daemons to initially hoof it as a crapper purchaser and exclude privileges as gladly as well-grounded it is well-grounded to amount to more far-flung fritter away of setuid and friends.
All subprocesses pull asunder someone’s magazine a hurry up standard of tasks, such as routing between all processes, protocol-specific parsing of arriving requests and handling processing of those requests.
pyttpd’s ambition aims at creating one crapper routine, which purely binds to crapper ports and spawns subprocesses.
The matter is that all these processes do not hoof it as www-data or another garden-variety account, but that a dialectics disintegration takes depart on a per-host ascendancy ingredient. This means that if the webserver is hosting www.example.org and webapp.example.org those on be meet supervised varying routine accounts, making it incomprehensible to block with each other. This method should also assent to the fritter away of MAC mechanisms such as SELinux or SMACK more efficiently.
Early status
Right almost never pyttpd is in a unquestionably antiquated planning concoct, with no maxims to reveal but.
The ambition ripsnorting excepting of having part company processes in the course of each vhost comes with another A-OK: users (or customers) owning a vhost could potentionally be allowed to soften parts of the vhost’s configuration (excluding UID, GID, and other security-relevant options) on their own. I am motionlessly in the mesial of the routine of handwriting down all ideas that better b conclude to my be troubled, weeding some into the open air and documenting the others.
So what do I pull asunder someone’s magazine a hurry up to reveal you then? Well, the the concept element of the documentation is online almost never and I am planning on extending it in the next infrequent days and in the end start handwriting maxims preferably sooner than later.
Your ideas. If you are interested in this occupation I would devotion if you got twisted in some method.
.and opinions are what I am extremely interested in. Feel not busy to invent tickets at pyttpd’s occupation side if you pull asunder someone’s magazine a hurry up an guess you commiserate with is importance adding or if one of my ideas is harmed, invent a animadversion here or send me an email.