[mod_python] Where do you put your py modules... ? [alias paranoid protector]

Sean Davis sdavis2 at mail.nih.gov
Sat Oct 7 18:52:56 EDT 2006

Durumdara wrote:
> Hi !
> Where do you put your py modules ?
> Interesting question !
> I have site, and I want to protect it.
> Because I want to do this, I use .php extension for my main py script, 
> something like this:
> ### index.php
> def handler(req):
>   dir = os.dirname(__file__)+'../py'
>   mod = import_module('realhandlerscript', path = [dir])
>   return mod.handler(req)
> ### index.php
> (The php extension is confusion-maker - the hackers will trying with 
> php exploits on php site. I can set this to .jsp, or other ext, to 
> confuse the attackers).
> my site is like this:
> /htdocs
> /htdocs/index.php
> /py
> The /py is containing all of the handlers, templates, and everything 
> that I don't want to publish directly (I publish the contents from 
> globally controlled script).
> This is a kind of paranoia, but I fear if I confuse my apache config 
> file, all of my sources and directories will visible as text (if I 
> store them in the htdocs)...
> So I moved them into a lower level dir.
> It is good solution ? Or can I set in apache directory sections 
> globally to let all of the py/psp and some of other files unvisible ?
> Can I set globally this (un)visibility, to only server (and modpy) can 
> see these files, but the request/users can not ?
> Do you knows about any restrictions if I don't use the htdocs to store 
> my handler scripts and other stuffs ?
You didn't mention how you have set up your site--using publisher?  
CGI?  AddHandler?  SetHandler?

To answer your question, there is no necessity that you store ANY of 
your python code in htdocs.  Particularly for code reuse reasons, I 
think having a directory outside htdocs is useful, as some (most) of 
your modules should be useful in other projects that are not 
web-related.  Add that directory to your sys.path and voila, you have 
code reuse without copying the code around....


More information about the Mod_python mailing list