[mod_python] (servlets) last file from mps_tutorial

Daniel Popowich dpopowich at comcast.net
Mon Jul 12 14:32:45 EDT 2004 

Sharky @ Code Zone writes:
> In your last file on mps_tutorial (fini.mps) you have this:
> 
>         "For any file that does not begin with an underscore or period
>         AND does not have a mps extension, the servlet handler will
>         return mod_python.apache.DECLINED, so you can co-locate image
>         files, css files, etc. with your servlets."
> 
> 
> you don't mean "For any file that begin..." ???

No, that's what I meant.  For files beginning with "_" or "." the
handler returns a 403 error (forbidden) regardless of file extension.
This, in effect, reserves such files for internal use by an
application, e.g., you can name an app's configuration file
_myapp.config and co-locate it with your mps files and it will remain
secure.

This is an oversimplification, but essentially the servlet handler
will:

    if the file matches [._]* raise mod_python.apache.HTTP_FORBIDDEN

    elif the file matches *.mps process it as a servlet

    else raise mod_python.apache.DECLINED

More information about the Mod_python mailing list