|
David Geller
dg at sponsera.com
Mon Feb 9 00:04:59 EST 2004
Hi, 1. I hope this doesn't sound *too* naive, but I have this question. For cgi scripts, books tell you not to include the scripts within your document root, for "security" reasons (not exactly sure why this is, but I suppose this is a bit of extra security to prevent folks from viewing the raw python files via some apache backdoor....). So typically, with ScriptAlias, your cgi directory can be anywhere (and outside the DocumentRoot) and life is good. With mod_python, is it possible to keep your python files outside the DocumentRoot? I guess it is, with all python files other than the one containing the handler, but can you put the handler file outside the document root as well? I have read through most of the mod_python mail archives, and issues related to this are mentioned, but not his exactly (I think). 2. Related question - (I think this was answered, but not quite sure...). If you want *all* your requests to come through your python handler, and you are *not* serving *directly* html or img, how do you do this? AND, you basically want to obfiscate the fact you are using python, and want only very generic-looking file names to appear in the "url" bar (top browser bar). Of course, your python might itself generate html that will contain references to images, javascript etc - and for these resources, it is fine, for them to be inside your document root 3. And another related question: I have seen apps (e.g., written in PHP) that always have the same (original, simple) url appear in the top URL bar, no matter which URL's are generated by the underlying program (eg., during POST requests). How is this done? Much obliged! David Geller
|