[mod_python] Mod_python Security

Graham Dumpleton grahamd at dscpl.com.au
Fri Mar 3 03:31:52 EST 2006

On 03/03/2006, at 7:12 PM, marinus van aswegen wrote:

> Thanks guys, just what I was looking for. I suspect the safest way  
> to deploy my mod_python app is to ensure that all calls go through  
> one function via the publisher ...eg. cmd.py/<what ever cmd you want>.

Using publisher doesn't automatically mean it will be safer. In some  
publisher makes it easier to inadvertently stuff things up because it  
does a
lot of things automagically. :-)

> I'd like to be able to detect if debugging is on via my cmd, so  
> that it will refuse to exec and return a page indicating that it's  
> down for maint. Is there a way from inside my script?

Not sure exactly what you mean here. If you are wanting a way to  
if PythonDebug is set to On, use:

   if int(req.get_config().get("PythonDebug","0"):

> Next step is to sanitise input, I'm thinking of using a white list  
> of chars. Is there a way to ensure that all input will be non Unicode?

Again not sure exactly what you mean here. If you want to modify the  
of POST requests as it arrives, you could look at input filters.


More information about the Mod_python mailing list