- Plesk 12.5
- Plesk Onyx for Linux
Starting from Plesk version 12.5, the following changes are made in terms of Apache modules included into typical installation set:
mod_pythonare not included
mod_phpstill included, but disabled by default
It was done for security reasons and takes place only on the latest OS versions - Ubuntu 14.0, Debian 8, CentOS7, RHEL7. Moreover, other Apache modules' support is considered to be dropped in the next Plesk releases.
Why using these Apache modules on shared hosting is insecure
File security .
mod_pythonrun under the identity of Apache server itself, and therefore scripts executed by these engines potentially can access anything the server user can. For example, files containing highly confidential personal data can be read by a script from another domain.
Security of database connections . DBI connections of other users can be hijacked, and since all users can read each other's code, database usernames and passwords are visible to every user.
Potential system compromise due to security issues in Apache code (is can be resolved by using jail or chroot mechanisms).
Which options to use Perl and Python remain
By default, Python and Perl are handled by FastCGI (
module). For Python, it is also possible to use Application server (this option is described in
: if your application is designed for using with
, updating its code can be required.