list at joreybump.com
Mon Jun 7 10:29:38 EDT 2004
Patrick Percot wrote: > On Sun, 06 Jun 2004 23:30:24 -0500, Jon-Pierre Gentil <jgentil at sebistar.net> wrote > >>My program imports other modules. I wish to place these modules outside >>of the area that Apache can "serve" them, so that a malicious or curious >>user cannot enter, for example, www.foo.com/modulecode.py and either >>view or execute the module. Is there a way to move these below my >>documentroot and have mod_apache still import them? > > > You can add this in your httpd.conf > > <Files *> > PythonPath "sys.path + ['/path/to/my/hidden/modules']" > </Files> > > And store your code in this path (/path/to/my/hidden/modules). > > You can also add a .htaccess file in all the directories you don't want > Apache to display the content. Put these lines in .htaccess : > > Order Allow,Deny > Deny from All In some circumstances, it may be appropriate to simply put your modules where other third party modules are placed. This is typically /usr/lib/pythonX.X/site-packages/. Then it's already in your path and available for import. Name your packages carefully to avoid conflicts. Naturally, you need admin privileges to do this.