[mod_python] Protecting Image-Directory's with PythonAccessHandler

Martijn Moeling martijn at xs4us.nu
Fri Dec 22 07:50:00 EST 2006


For exactly the same reasons you indicate I have written my own access mechanism, Additionally I hate the login window produced by the browsers but that is my opinion. Next is, that I have not been able to get any secure credentials transfer with PythonAuthHandler working.

I use the xmlHTTPRequest (javascript) to send the credentials to the server, my mod_python program then looks up the User record in a MySQL database and checks the password, if correct a session is created.
Doing so using https makes it sort of secure enough for my application.

I have found it hard to get around the documentation and often I start reading trough the mod_python source files to get the answers (I need to understand the MP sources anyway since I want to contribute to the development, for most users this would be to much). This mailinglist is helpful but searching it in the archives is sometimes quite a task so I keep all the messages in a folder in my inbox and order them by hand to subfolders on specific topics. Now that the WIKI is there people start to move there too, making it even harder to search for what one needs.

A few days ago I wrote a message to Graham about the level of documentation and examples. Also I see many non native English speakers/readers having trouble with understanding the text, Additionally you need to be an Apache Internals expert in some cases to understand what the doc is telling.

Maybe it is time to write a mod_python cookbook, but I have simply no time left to do so...

Fröhliche Weinachten!!

Martijn Moeling

-----Oorspronkelijk bericht-----
Van: mod_python-bounces at modpython.org [mailto:mod_python-bounces at modpython.org] Namens Marcus Werner
Verzonden: Thursday, December 21, 2006 10:37 PM
Aan: mod_python at modpython.org
Onderwerp: [mod_python] Protecting Image-Directory's with PythonAccessHandler

Hi everyone,

I'm working on a Debian-Stable Box with mod_python 2.7.10 and Python
2.3 (yes I know its both 'stale', but I've got no choice) and I would
like to know _how_ I can protect an images-directory with an 
PythonAccessHandler together with my application-/session-based
authentification. A bonus would be If I could decide access to specific
images bases on user-permissions. 

I know this is a tricky problem, and in PHP you would have to place the
images somewhere inaccessible from the web and stream them through php
to the client, after checking the credentials. If we assume mod_php is
tuned to serve this fast the performance should be fair, but there is
still a small performance-loss because the image is streamed
through the PHP-Interpreter.

Now mod_python seems to dodge this elegantly by introducing the
AccessHandler, but so far I haven't been able to produce
something like this, since the documentation regarding those special
Handler is really sparse.

If you want to attract more user you really need some examples
regarding things wich are impossible, difficult or perfomance-costly 
in other languages/frameworks.
Especially for those Python*Handlers, you need _way_more_ examples, so
it's obvious why,where and when to use those Handlers. They are a huge
bonus, but regarding the documentation they haven't received the
attention they deserve.

I'm going to hold a 30-minutes presentation on mod_python 3 Weeks
from now during a seminar about scripting-languages for Web-Engineering
and  I would like to show at least _one_ convincing example why and
where to use those _special_ handlers. So far I don't know what to tell
my fellow students about thist part of mod_python. Afaik it seems like
I'm the first guy ever doing a presentation about mod_python.

I'm going to set up a more recent version of mod_python on a private
box tonight so if you have a solution/small example wich works on a more
recent version of mod_python: fire away. 

Merry christmasa and best regards,
Marcus Werner

<travis at uni-paderborn.de>

More information about the Mod_python mailing list