[mod_python] Hiding textual contents of .py script (but keeping it executable)

CPD Transauto cpd at transauto.com.br
Thu Sep 23 13:07:05 EDT 2004


Rich Pinder escreveu:

> Again, thanks for trying to help here. I really dont want to upgrade 
> this machine, but this problem is daunting.
> I've limited what the user that is defined in the script can do on the 
> firebird database, but still this is not very comforting.
> I may indeed need to upgrade though
>
> thanks
> Rich
>
>
>
>> Byron Ellacott wrote:
>>
>>> Rich Pinder wrote:
>>>
>>>> Last first.  Apache 1.3.  Mod Python is configured and working just 
>>>> fine.  Database is being populated from forms. I stumbled on this 
>>>> 'oddity' totally by accident - and really think it should be fixed !!
>>>> I see indeed how it should work, from your URL
>>>
>>>
>>>
>>> I took a quick gander at the docs for mod_python 2.7, and didn't 
>>> spot anything immediately apparent to suggest it might work 
>>> differently. Unfortunately, I don't actually have any Apache 1.3 
>>> installations around to play with, so the best I can say is that you 
>>> might have found a bug.
>>>
>>> (Any particular reason to stay with Apache 1.3?  There are several 
>>> good ones, to be sure.)
>>>
>>>> But I have no stuff configured in any .htaccess files - and sure I 
>>>> never saw THIS in the notes that came with samples I used. (see 
>>>> below for ver numbers / dates for the components).
>>>
>>>
>>>
>>> A .htaccess is basically equivalent to a <Location> or <Directory> 
>>> configuration section.  I only used it because it's a lot easier for 
>>> quick examples than altering the main config file and restarting.
>>>
>
>
> Rich Pinder wrote:
>
>> Thanks Byron for replying.
>> Last first.  Apache 1.3.  Mod Python is configured and working just 
>> fine.  Database is being populated from forms. I stumbled on this 
>> 'oddity' totally by accident - and really think it should be fixed !!
>> I see indeed how it should work, from your URL
>>
>> But I have no stuff configured in any .htaccess files - and sure I 
>> never saw THIS in the notes that came with samples I used. (see below 
>> for ver numbers / dates for the components).
>>
>> Only stuff in my httpd.conf is:
>>
>>> #they python module is in here
>>> Include /etc/httpd/suse_loadmodule.conf
>>
>>
>>
>>
>>> <Directory /home/httpd/htdocs/ctspython>
>>>   AddHandler python-program .py
>>>   PythonHandler mod_python.publisher
>>> #  PythonHandler mptest
>>>   PythonDebug On
>>> </Directory>
>>
>>
>>
>>
>> And, since its Suse, the contents of the suse_loadmodule.conf is:
>>
>>> # Automatically generated by SuSEconfig on Thu Nov 14 16:21:58 PST 2002
>>> #
>>> # PLEASE DO NOT EDIT THIS FILE!
>>> #
>>>
>>> LoadModule python_module /usr/lib/apache/mod_python.so
>>> LoadModule ssl_module         /usr/lib/apache/libssl.so
>>
>>
>>
>> r
>>
>>
>>
>>
>>> Byron Ellacott wrote:
>>>
>>>>>   AddHandler python-program .py
>>>>>   PythonHandler mod_python.publisher
>>>>
>>>>
>>>>
>>>> By your reply, you think by using this it should NOT show the text ?
>>>
>>>
>>>
>>>
>>> Definitely not.  You're telling Apache there that .py should be 
>>> handled as a python-program.
>>>
>>> In $DOCUMENTROOT/foo/.htaccess, I have:
>>>
>>>     AddHandler python-program .py
>>>     PythonHander mod_python.publisher
>>>
>>> In $DOCUMENTROOT/foo/foo.py, I have:
>>>
>>>     import time
>>>     def index(req):
>>>         return time.asctime()
>>>
>>> See http://mlm.bpa.nu:8080/foo/foo.py and note that the source is 
>>> not returned, and that the return is definitely dynamically generated.
>>>
>>> Is mod_python enabled in your web server?  Perhaps you haven't 
>>> restarted Apache since adding those configuration directives?  Are 
>>> you using Apache 1.3 or 2.0?  Can you get it to do anything dynamic 
>>> at all?
>>
>>
>>
>>
>>
>> Rich Pinder wrote:
>>
>>> Thanks for your reply here Byron.
>>> I am indeed using the first option you mention:
>>>
>>>> <Directory /home/httpd/htdocs/ctspython>
>>>>   AddHandler python-program .py
>>>>   PythonHandler mod_python.publisher
>>>>   PythonDebug On
>>>> </Directory>
>>>
>>>
>>>
>>>
>>> By your reply, you think by using this it should NOT show the text ?
>>> Version info:
>>>
>>>> Python 2.2 (#1, Mar 26 2002, 15:46:04)
>>>> [GCC 2.95.3 20010315 (SuSE)] on linux2
>>>
>>>
>>>
>>>
>>>> drwxr-xr-x    4 1000     513           296 Nov 15  2002 
>>>> kinterbasdb-3.0.2
>>>
>>>
>>>
>>>
>>>
>>> thanks for any thoughts
>>>
>>> rich
>>>
>>> Byron Ellacott wrote:
>>>
>>>> Rich Pinder wrote:
>>>>
>>>>> I'm using Apache 1.3 with Python (Kinterbas) to access a Firebird 
>>>>> database.
>>>>> The .py script resides in a directory under the document root.  If 
>>>>> you enter the full url to the script file, the browser returns a 
>>>>> textual representation of the script  (complete with all my 
>>>>> connection string info & password into the database !)
>>>>> What am I missing here ??
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Either you're using the Python publisher handler, in which case I'm 
>>>> surprised that you ever see the text of the script, or you're 
>>>> directly using a PythonHandler statement, in which case you can 
>>>> install your Python modules anywhere on the Python path.
>>>>
>>>> In an Apache config file for a host, I have:
>>>>
>>>>         <Location /budget>
>>>>             SetHandler mod_python
>>>>             Options -MultiViews
>>>>             PythonDebug On
>>>>             PythonAutoReload On
>>>>             PythonInterpreter budget
>>>>             PythonHandler bje.budgetweb
>>>>             PythonOption SessionDbm /usr/share/budget/session.dbm
>>>>         </Location>
>>>>
>>>> The "/var/www/budget" directory does not exist at all; there's 
>>>> nothing that a user can fetch via URL that is not generated by the 
>>>> bje.budgetweb module, which lives in /usr/local/python/someplace, 
>>>> IIRC.  In sys.path[], anyway.
>>>>
>>>> (That module then calls other modules based on patterns matched 
>>>> against path_info, according to a configuration block.  But that's 
>>>> just my preference for how to arrange things.)
>>>>
>>> _______________________________________________
>>> Mod_python mailing list
>>> Mod_python at modpython.org
>>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>>
>> _______________________________________________
>> Mod_python mailing list
>> Mod_python at modpython.org
>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>


-- 
Juan Pablo J. Pereira Jr.
Depto. Tecnologia da Informação
Transauto Transp. Espec. de Automóveis S/A.
Fone:    (011) 4366-3443
Fax:     (011) 4366-3468
http://www.transauto.com.br



More information about the Mod_python mailing list