[mod_python] [Vampire] Possible security problem with loginhandler

Graham Dumpleton grahamd at dscpl.com.au
Wed Jun 8 06:55:25 EDT 2005

On 08/06/2005, at 6:18 PM, Graham Dumpleton wrote:

> On 08/06/2005, at 6:02 PM, Stephane Bortzmeyer wrote:
>> If I make a typo in the filename of the loginhandler directive of the
>> Vampire configuration file, there is no warning and the access goes
>> on. Isn't it a security weakness?
> Agree that it is probably not good in that circumstance, should yield
> an internal server error response at least and log something. Will have
> to review what happens for other phases as well. In those cases you'll
> probably end up with a not found error, but maybe something different
> should be done there as well.

Version of code in subversion has been updated so you can either update
against that or grab:


and replace version in your copy.

You will now get errors where appropriate like:

   ImportError: No file named 


   ImportError: Cannot import loginhandler from 


More information about the Mod_python mailing list