|
Allan Saddi
asaddi at philosophysw.com
Mon Apr 8 15:05:28 EST 2002
I've found that this is only true when the module is loaded for the first time. If the module is already loaded, regardless of where it was loaded from, then you can access it via URL. For example, since publisher.py imports base64, you can call functions within base64 via URL: http://website/some/path/base64/encodestring?s=foobar And this actually works for me. (Using FreeBSD 4.5, Apache 1.3.24, mod_python 2.7.6, Python 2.2) My .htaccess is simply: PythonPath "['/some/directory', '/usr/local/lib/python2.2', '/usr/local/lib/python2.2/lib-dynload', '/usr/local/lib/python2.2/site-packages']" SetHandler python-program PythonHandler mod_python.publisher PythonDebug on - Allan On Mon, 8 Apr 2002, Javier Quinteros wrote: > Don't be worried about Python standard modules. The only things that anyone > can execute via URL is the scripts you have in the Directory defined in > apache. This means that all the third-party modules can be placed in > /usr/local/python2/lib (or whatever) with Python standard modules and will > not be exposed via apache. > > Bye,
|