|
Durumdara
durumdara at gmail.com
Sat Oct 7 06:11:38 EDT 2006
Hi !
Where do you put your py modules ?
Interesting question !
I have site, and I want to protect it.
Because I want to do this, I use .php extension for my main py script,
something like this:
### index.php
def handler(req):
dir = os.dirname(__file__)+'../py'
mod = import_module('realhandlerscript', path = [dir])
return mod.handler(req)
### index.php
(The php extension is confusion-maker - the hackers will trying with php
exploits on php site. I can set this to .jsp, or other ext, to confuse the
attackers).
my site is like this:
/htdocs
/htdocs/index.php
/py
The /py is containing all of the handlers, templates, and everything that I
don't want to publish directly (I publish the contents from globally
controlled script).
This is a kind of paranoia, but I fear if I confuse my apache config file,
all of my sources and directories will visible as text (if I store them in
the htdocs)...
So I moved them into a lower level dir.
It is good solution ? Or can I set in apache directory sections globally to
let all of the py/psp and some of other files unvisible ?
Can I set globally this (un)visibility, to only server (and modpy) can see
these files, but the request/users can not ?
Do you knows about any restrictions if I don't use the htdocs to store my
handler scripts and other stuffs ?
Thanks for your help:
dd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20061007/f4f3949a/attachment.html
|