[mod_python] Unable to import modules in subdirs

Jorey Bump list at joreybump.com
Thu Oct 27 23:20:22 EDT 2005


Brandon N wrote:

> I meant seeing as others had pointed out the concern that one shouldn't 
> put .py files under htdocs/ or similar directories for fear that someone 
> might find access to one's source files, wholly intact.
> 
> Though
>  > In order for
>  > Apache to make this determination, the .py files must be in the public
>  > directories that Apache is managing.
> made it clear for me.
> 
> Is that at all a security issue? Or rather, is there a standard method 
> of referencing code outside of the public directories?

Yes. You import it, as you would with most Python applications. I use 
Publisher, and typically have only a few lines of code in my published 
modules, which act as interfaces to packages in my extended path:

/var/www/vhosts/walamaloo/website/mp/six.py:

"""
Published module used as interface to rules package.
"""
# all the code is in this package
# /var/www/vhosts/walamaloo/python/bruce/faculty/rules/__init__.py
import bruce.faculty.rules

def index(req):
     """
     Default function for users.
     """
     return bruce.faculty.rules.four(req)

def admin(req):
     """
     Requires authentication using proprietary mechanism.
     """
     return bruce.faculty.rules.onethreefiveseven(req)


This is just my preference. You can put all of your code in a published 
module, if you want. But this approach allows me to hide sensitive 
information outside of the DocumentRoot and encourages code reuse. I can 
build apps relatively quickly because my extended path is filled with 
various utility modules.

You might find some similarities to PHP's require() or include(), but 
those are a bit simplistic compared to Python's import mechanism. On the 
other hand, I have to restart Apache often when developing new 
applications, so PHP does have one thing going for it (but only 
one). :)
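
Added example, not part of the original post or of mod_python: a small audit that walks a DocumentRoot and reports any .py file that is more than a thin interface like six.py above. The rule used (docstring, imports, and functions that only return a call) and the names audit_module and audit_docroot are assumptions of this example; files are parsed with the Python 3 grammar, and anything that does not parse is reported for manual review.

```python
import ast
import os

def _is_docstring(node):
    return (isinstance(node, ast.Expr) and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str))

def _is_thin(func):
    """Body is an optional docstring plus a single `return some_call(...)`."""
    body = [n for n in func.body if not _is_docstring(n)]
    return (len(body) == 1 and isinstance(body[0], ast.Return)
            and isinstance(body[0].value, ast.Call))

def audit_module(source):
    """Return (line, reason) findings for one published module's source."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:  # e.g. Python 2-only syntax: review by hand
        return [(exc.lineno, "unparseable, review manually")]
    findings = []
    for node in tree.body:
        if _is_docstring(node) or isinstance(node, (ast.Import, ast.ImportFrom)):
            continue
        if isinstance(node, ast.FunctionDef):
            if not _is_thin(node):
                findings.append((node.lineno, "function %s holds logic" % node.name))
        else:  # assignments, classes, loops: data or logic kept in the web tree
            findings.append((node.lineno, "top-level %s" % type(node).__name__))
    return findings

def audit_docroot(docroot):
    """Map each .py file under docroot that is not a thin interface to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in (f for f in files if f.endswith(".py")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                found = audit_module(fh.read())
            if found:
                report[os.path.relpath(path, docroot)] = found
    return report

# Constructed samples: THIN mirrors the post's six.py, FAT keeps a secret in the web tree.
THIN = ('"""Interface to rules package."""\nimport bruce.faculty.rules\n\n'
        'def index(req):\n    """Default."""\n    return bruce.faculty.rules.four(req)\n')
FAT = ('DB_PASSWORD = "constructed-example"\n\n'
       'def index(req):\n    conn = connect(DB_PASSWORD)\n    return conn.page(req)\n')
if __name__ == "__main__":
    print(audit_module(THIN), audit_module(FAT))
```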


