[mod_python] Python Server Pages debugging security

Graham Dumpleton grahamd at dscpl.com.au
Mon Jan 30 16:22:03 EST 2006


.: smilelover :. wrote ..
> Hi guys,
> you're probably through with this, but I'd like to ask (google didn't tell
> me anything).
> 
> How can I prevent people from viewing my PSP source via appending an  
> underscore to the filename? (you know what I mean...I write index.psp_
> instead of index.psp and get the two-column output with PSP and Python
> source).
> Is is possible to do it with some Apache directive?

Two options:

  PythonDebug Off

If you need mod_python debugging on for other reasons, you could
instead just block all requests to .psp_ files.

  <Files *.psp_>
  deny from all
  </Files>

Graham


More information about the Mod_python mailing list