[mod_python] Hiding textual contents of .py script (but keeping it executable)

Byron Ellacott bje at apnic.net
Wed Sep 22 10:40:20 EDT 2004


Rich Pinder wrote:
> I'm using Apache 1.3 with Python (Kinterbas) to access a Firebird database.
> The .py script resides in a directory under the document root.  If you 
> enter the full url to the script file, the browser returns a textual 
> representation of the script  (complete with all my connection string 
> info & password into the database !)
> What am I missing here ??

Either you're using the Python publisher handler, in which case I'm 
surprised that you ever see the text of the script, or you're directly 
using a PythonHandler statement, in which case you can install your 
Python modules anywhere on the Python path.

In an Apache config file for a host, I have:

         <Location /budget>
             SetHandler mod_python
             Options -MultiViews
             PythonDebug On
             PythonAutoReload On
             PythonInterpreter budget
             PythonHandler bje.budgetweb
             PythonOption SessionDbm /usr/share/budget/session.dbm
         </Location>

The "/var/www/budget" directory does not exist at all; there's nothing 
that a user can fetch via URL that is not generated by the bje.budgetweb 
module, which lives in /usr/local/python/someplace, IIRC.  In 
sys.path[], anyway.

(That module then calls other modules based on patterns matched against 
path_info, according to a configuration block.  But that's just my 
preference for how to arrange things.)

-- 
bje


More information about the Mod_python mailing list