[mod_python] publisher security concerns

Javier Quinteros jquinte at fadu.uba.ar
Mon Apr 8 20:00:44 EST 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Allan:
        You're right and now..... Houston, Houston. We have a problem....
Does anyone know how to solve this?

On Monday 08 April 2002 19:05, Allan Saddi wrote:
> I've found that this is only true when the module is loaded for
> the first time. If the module is already loaded, regardless of
> where it was loaded from, then you can access it via URL.
>
> For example, since publisher.py imports base64, you can call
> functions within base64 via URL:
>
>   http://website/some/path/base64/encodestring?s=foobar
>
> And this actually works for me. (Using FreeBSD 4.5, Apache
> 1.3.24, mod_python 2.7.6, Python 2.2)
>
> My .htaccess is simply:
>
>   PythonPath "['/some/directory', '/usr/local/lib/python2.2',
> '/usr/local/lib/python2.2/lib-dynload',
> '/usr/local/lib/python2.2/site-packages']" SetHandler python-program
>   PythonHandler mod_python.publisher
>   PythonDebug on
>
> - Allan

- -- 
- ---------------------------------
Javier Quinteros
jquinte at fadu.uba.ar
Secretaría de Planificación
Universidad de Buenos Aires
- ---------------------------------
Existe un solo lugar donde el Norte y el Sur del mundo se enfrentan en
igualdad de condiciones: es una cancha de fútbol de Brasil, en la 
desembocadura
del río Amazonas. La línea del ecuador corta por la mitad el estadio Zerao, en
Amapá, de modo que cada equipo juega un tiempo en el sur y otro tiempo en el
norte.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8siEcdBzRnlFl4cgRAuOiAKCqPxaDUL9KTi7BYLevQF9LDtynCQCgrj8Y
kWv27tFfobuj7JnU1kfptXo=
=L9NU
-----END PGP SIGNATURE-----

More information about the Mod_python mailing list