|
Sean Davis
sdavis2 at mail.nih.gov
Sat Oct 7 18:52:56 EDT 2006
Durumdara wrote:
> Hi !
>
> Where do you put your py modules ?
>
> Interesting question !
>
> I have site, and I want to protect it.
> Because I want to do this, I use .php extension for my main py script,
> something like this:
>
> ### index.php
>
> def handler(req):
> dir = os.dirname(__file__)+'../py'
> mod = import_module('realhandlerscript', path = [dir])
> return mod.handler(req)
>
> ### index.php
> (The php extension is confusion-maker - the hackers will trying with
> php exploits on php site. I can set this to .jsp, or other ext, to
> confuse the attackers).
>
> my site is like this:
> /htdocs
> /htdocs/index.php
> /py
>
> The /py is containing all of the handlers, templates, and everything
> that I don't want to publish directly (I publish the contents from
> globally controlled script).
>
> This is a kind of paranoia, but I fear if I confuse my apache config
> file, all of my sources and directories will visible as text (if I
> store them in the htdocs)...
>
> So I moved them into a lower level dir.
>
> It is good solution ? Or can I set in apache directory sections
> globally to let all of the py/psp and some of other files unvisible ?
> Can I set globally this (un)visibility, to only server (and modpy) can
> see these files, but the request/users can not ?
>
> Do you knows about any restrictions if I don't use the htdocs to store
> my handler scripts and other stuffs ?
You didn't mention how you have set up your site--using publisher?
CGI? AddHandler? SetHandler?
To answer your question, there is no necessity that you store ANY of
your python code in htdocs. Particularly for code reuse reasons, I
think having a directory outside htdocs is useful, as some (most) of
your modules should be useful in other projects that are not
web-related. Add that directory to your sys.path and voila, you have
code reuse without copying the code around....
Sean
|