[mod_python] Where do you put your py modules... ? [alias paranoid protector]

Durumdara durumdara at gmail.com
Sat Oct 7 06:11:38 EDT 2006


Hi !

Where do you put your py modules ?

Interesting question !

I have site, and I want to protect it.
Because I want to do this, I use .php extension for my main py script,
something like this:

### index.php

def handler(req):
  dir = os.dirname(__file__)+'../py'
  mod = import_module('realhandlerscript', path = [dir])
  return mod.handler(req)

### index.php
(The php extension is confusion-maker - the hackers will trying with php
exploits on php site. I can set this to .jsp, or other ext, to confuse the
attackers).

my site is like this:
/htdocs
/htdocs/index.php
/py

The /py is containing all of the handlers, templates, and everything that I
don't want to publish directly (I publish the contents from globally
controlled script).

This is a kind of paranoia, but I fear if I confuse my apache config file,
all of my sources and directories will visible as text (if I store them in
the htdocs)...

So I moved them into a lower level dir.

It is good solution ? Or can I set in apache directory sections globally to
let all of the py/psp and some of other files unvisible ?
Can I set globally this (un)visibility, to only server (and modpy) can see
these files, but the request/users can not ?

Do you knows about any restrictions if I don't use the htdocs to store my
handler scripts and other stuffs ?

Thanks for your help:
dd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20061007/f4f3949a/attachment.html


More information about the Mod_python mailing list