Jorey Bump
list at joreybump.com
Wed Nov 24 14:55:17 EST 2004
Scott Sanders wrote:
> Maybe I am less paranoid, but I just store that info in the .htaccess
> under PythonOption directives. If the .htaccess file were to become
> exploited, I have bigger problems :)

Well said. Although it puts the passwords and such back in the DocumentRoot, Apache is typically configured to deny direct access to ^.ht files, making it a nonissue (but this still doesn't prevent me from storing .htpasswd files outside the DocumentRoot -- yes, I *am* more paranoid).

The only thing I don't like about it is that it can make applications directory-dependent or force them to share a single config file (as opposed to importing settings from a specific module).

On the other hand, it makes it *really* easy to develop a standalone mod_python application for distribution. All you'd need to do is untar the application directory in your DocumentRoot and edit .htaccess. It opens up a lot of possibilities...

Thanks!
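Added example, not part of the original message: a Python check that the Apache configuration really denies direct access to `.ht*` files before settings are kept in `.htaccess` under `PythonOption`. The sample configuration, option names and values are constructed, and the function names are hypothetical; it handles both the regex and wildcard forms of `<Files>`.

```python
import fnmatch
import re

# Constructed sample inputs, not taken from the original post.
HTTPD_CONF = r'''
DocumentRoot "/var/www/html"
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
'''
HTACCESS = r'''
SetHandler mod_python
PythonHandler myapp
PythonOption db_user appuser
PythonOption db_password constructed-example-value
'''

BLOCK_RE = re.compile(r'<(Files|FilesMatch)\s+(~\s+)?"?([^">]+?)"?\s*>(.*?)</\1\s*>',
                      re.IGNORECASE | re.DOTALL)
DENY_RE = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                     re.IGNORECASE | re.MULTILINE)
OPTION_RE = re.compile(r'^[ \t]*PythonOption[ \t]+(\S+)[ \t]+(.+?)[ \t]*$',
                       re.IGNORECASE | re.MULTILINE)
HT_NAMES = (".htaccess", ".htpasswd")

def strip_comments(text):
    """Drop whole-line '#' comments so disabled directives are ignored."""
    return re.sub(r'(?m)^\s*#.*$', '', text)

def ht_files_denied(conf_text):
    """True if a <Files>/<FilesMatch> block covering .ht* files denies all."""
    for kind, tilde, pattern, body in BLOCK_RE.findall(strip_comments(conf_text)):
        if kind.lower() == "filesmatch" or tilde:      # regex form
            try:
                covers = all(re.search(pattern, n) for n in HT_NAMES)
            except re.error:
                covers = False
        else:                                          # wildcard form
            covers = all(fnmatch.fnmatch(n, pattern) for n in HT_NAMES)
        if covers and DENY_RE.search(body):
            return True
    return False

def exposed_options(conf_text, htaccess_text):
    """PythonOption names that would be readable if .ht* files are served."""
    if ht_files_denied(conf_text):
        return []
    return sorted(m.group(1) for m in OPTION_RE.finditer(strip_comments(htaccess_text)))
```

A non-empty result from `exposed_options` means the settings belong outside the DocumentRoot until the deny rule is restored.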