Jorey Bump
list at joreybump.com
Thu Oct 27 23:20:22 EDT 2005
Brandon N wrote:
> I meant seeing as others had pointed out the concern that one shouldn't
> put .py files under htdocs/ or similar directories for fear that someone
> might find access to one's source files, wholly intact.
>
> Though
> > In order for
> > Apache to make this determination, the .py files must be in the public
> > directories that Apache is managing.
> made it clear for me.
>
> Is that at all a security issue? Or rather, is there a standard method
> of referencing code outside of the public directories?

Yes. You import it, as you would with most Python applications. I use
Publisher, and typically have only a few lines of code in my published
modules, which act as interfaces to packages in my extended path:

/var/www/vhosts/walamaloo/website/mp/six.py:

"""
Published module used as interface to rules package.
"""
# all the code is in this package
# /var/www/vhosts/walamaloo/python/bruce/faculty/rules/__init__.py
import bruce.faculty.rules

def index(req):
    """
    Default function for users.
    """
    return bruce.faculty.rules.four(req)

def admin(req):
    """
    Requires authentication using proprietary mechanism.
    """
    return bruce.faculty.rules.onethreefiveseven(req)

This is just my preference. You can put all of your code in a published
module, if you want. But this approach allows me to hide sensitive
information outside of the DocumentRoot and encourages code reuse. I can
build apps relatively quickly because my extended path is filled with
various utility modules.

You might find some similarities to PHP's require() or include(), but
those are a bit simplistic compared to Python's import mechanism. On the
other hand, I have to restart Apache often when developing new
applications, so PHP does have one thing going for it (but only
one). :)
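
The layout described in this message can be checked mechanically. The following is an added example, not part of the original post and not mod_python code: it flags published modules that hold logic or data instead of delegating, and confirms the package path lies outside the web root. The function names and the DocumentRoot value are assumptions.

```python
import ast
import posixpath

# Assumption: the post does not state the DocumentRoot; website/ is assumed here.
DOCROOT = "/var/www/vhosts/walamaloo/website"

def inside(path, root):
    """True if path is root or lies beneath it (lexical check, symlinks not resolved)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return posixpath.commonpath([path, root]) == root

def _is_docstring(node):
    return (isinstance(node, ast.Expr) and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str))

def audit_published_module(source, allowed_packages):
    """Return findings for a module that should only delegate to outside packages."""
    findings = []
    for node in ast.parse(source).body:
        if _is_docstring(node):
            continue
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or "."])
            for name in names:
                if name.split(".")[0] not in allowed_packages:
                    findings.append(f"line {node.lineno}: unexpected import {name}")
        elif isinstance(node, ast.FunctionDef):
            body = node.body[1:] if _is_docstring(node.body[0]) else node.body
            delegates = (len(body) == 1 and isinstance(body[0], ast.Return)
                         and isinstance(body[0].value, ast.Call))
            if not delegates:
                findings.append(f"line {node.lineno}: {node.name}() contains logic")
        else:
            findings.append(f"line {node.lineno}: top-level {type(node).__name__}")
    return findings

# Constructed samples: THIN mirrors the post's six.py, FAT is what the layout avoids.
THIN = '''"""Interface to rules package."""
import bruce.faculty.rules
def index(req):
    """Default function for users."""
    return bruce.faculty.rules.four(req)
'''
FAT = '''import MySQLdb
DB_PASSWORD = "constructed-example"
def index(req):
    conn = MySQLdb.connect(passwd=DB_PASSWORD)
    return "ok"
'''
```

Run `audit_published_module` over each `.py` file under the web root and `inside` over each extended-path entry; any finding marks source that would be exposed if the handler mapping failed.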