[mod_python] Configuring mod_python via reverse proxy

Graham Dumpleton grahamd at dscpl.com.au
Wed Dec 14 22:01:15 EST 2005

Roberto C. Sanchez wrote ..
> Graham Dumpleton wrote:
> > 
> > Another non obvious problem which arises because of this arrangement
> is
> > that if the second instance of Apache you are running has write access
> > to the directories, it will dump Python .pyc files. If you are then only
> > using AddHandler and not SetHandler, there will be nothing to stop
> > someone specifying a URL which targets the .pyc files and they will be
> > able to download them also and then decompile them, thus potentially
> > getting access to sensitive information.
> > 
> > Good idea to have an excplicit rule:
> > 
> >   <Files *.pyc>
> >   deny from all
> >   </Files>
> > 
> I had not considered that.  However, I don't see any .pyc files anywhere
> under ~/public_html/.

If you are using mod_python.psp you will not, but if you use PythonHandler
to target a handler .py file in ~/public_html, or you are using mod_python
version 3.1.4 or older and mod_python.publisher, you can.


More information about the Mod_python mailing list