Graham Dumpleton
grahamd at dscpl.com.au
Sun Nov 5 16:13:39 EST 2006
Jim Gallacher wrote ..
> You might want to mention that the security implications of using .psp_.
> Perhaps use the example of making a database connection with the user
> name and password in the psp file. You wouldn't want to use this on a
> publicly facing website. :)

What one can do for .psp_ files is use:

  <Files *.psp_>
  deny from all
  allow from localhost
  </Files>

In other words, restrict access to requests from localhost, or some
other appropriate site.

Unfortunately there isn't any way (that I know of), of specifying using
just Apache configuration directives, that 'PythonDebug On' apply only
to a specific client site. What one can do though is use a
transhandler(), if in main configuration, or some later handler if in
directory context and have:

  from mod_python import apache

  def transhandler(req):
      # Turn debug output on only for the listed client addresses.
      if req.connection.remote_ip in ['...']:
          req.get_config()['PythonDebug'] = '1'
      else:
          req.get_config()['PythonDebug'] = '0'
      return apache.DECLINED

In some respects a later handler might be better as you can possibly
override anything set in the Apache configuration to force such a
policy. Users could still override you again, in their own handler, but
it makes them do one extra non-obvious step.

One could even get quite tricky and require the presence of a special
cookie in the request, with the only way of getting the cookie being to
have logged into some special page of your web site and have it enabled.

Graham
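The cookie idea at the end of the message, sketched as an added example that is not part of the original post and is not mod_python code: a standalone decision function that returns the 'PythonDebug' value for a request, given the client address and raw Cookie header a handler would pass in. The cookie name, token format (timestamp plus HMAC-SHA256), lifetime, trusted networks, and the choice to require both a trusted address and a valid cookie are all assumptions.

```python
import hashlib
import hmac
import ipaddress
from http.cookies import CookieError, SimpleCookie

# Hypothetical names and constructed values, not taken from mod_python.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
COOKIE_NAME = "debug_token"
MAX_AGE = 3600  # seconds a token stays valid after the login page issues it


def _mac(secret: bytes, ts: str) -> bytes:
    return hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest().encode()


def issue_token(secret: bytes, issued_at: int) -> str:
    """Cookie value the login page would set: '<timestamp>.<hex HMAC-SHA256>'."""
    return f"{issued_at}.{_mac(secret, str(issued_at)).decode()}"


def token_valid(secret: bytes, token: str, now: int) -> bool:
    ts, sep, mac = token.partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    # Constant-time MAC check, then reject expired or future-dated tokens.
    if not hmac.compare_digest(mac.encode(), _mac(secret, ts)):
        return False
    return 0 <= now - int(ts) <= MAX_AGE


def python_debug_value(remote_ip: str, cookie_header: str, secret: bytes, now: int) -> str:
    """Return '1' only for a trusted address that also presents a valid token."""
    try:
        addr = ipaddress.ip_address(remote_ip)
        morsel = SimpleCookie(cookie_header).get(COOKIE_NAME)
    except (ValueError, CookieError):
        return "0"  # fail closed on an unparsable address or cookie header
    if morsel is None or not any(addr in net for net in TRUSTED_NETS):
        return "0"
    return "1" if token_valid(secret, morsel.value, now) else "0"
```

Because the token is signed with a server-side secret and carries its own timestamp, a client cannot mint or extend one, and anything malformed leaves debug output off.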