[mod_python] apache.py suggestions

Micha³ Mach mmach at batory.org.pl
Fri May 26 15:45:24 EST 2000


> apache.py was doing something like the following:
>
>     exec "import " + module_name
>     module = eval(module_name)
>
> The above code is horribly inefficient compared to the code I provided
> (using __import__). You have two parse/compile passes at runtime. The
> "exec" disables certain optimizations. I don't think the code allows it,
> but if module_name happens to come from some user input, then you are
> effectively executing arbitrary code. Very bad.

Sorry, I realize now my question was stupid in fact - I assumed You're
talking about Python in general speaking about the __import__ thing. I
didn't watch see the mod_python code as carefully as You. ;-)

> Python vs mod_python? Bah. I wouldn't have brought it up if it wasn't a
> mod_python issue.

Well, the criticism was directed towards my own question, so don't take it
personally. ;-)

Best,
Michal

P.S. Perhaps I didn't mention it earlier, but I'm a happy man - noone will
tell me now that mod_perl rules. :-) One world, one language! (which means
Python, of course) :-)

---
Michal Mach   mmach at batory.org.pl
Stefan Batory Foundation
http://www.batory.org.pl/




More information about the Mod_python mailing list