[mod_python] Where do you put your py modules... ? [alias paranoid protector]

Sean Davis sdavis2 at mail.nih.gov
Mon Oct 9 08:00:29 EDT 2006

On Monday 09 October 2006 05:22, Graham Dumpleton wrote:
> I have pushed your email back onto the mailing list. Please keep
> followups there in future. I'll see if I can get to your email later and
> try and understand what it is you are talking about. In the meantime,
> someone else may have comments.
> Graham
> On 09/10/2006, at 5:38 PM, durumdara wrote:
> > Dear Graham !
> >
> > I want to ask something about the site structure.
> >
> > Graham Dumpleton írta:
> >> On 07/10/2006, at 8:11 PM, Durumdara wrote:
> >>> ### index.php
> >>> (The php extension is confusion-maker - the hackers will trying
> >>> with php exploits on php site. I can set this to .jsp, or other
> >>> ext, to confuse the attackers).
> >>
> >> Why not use the appropriate extension for the type of content that
> >> is delivered up for the resource. In other words, why not use a .html
> >> extension. If you use that, they will have no idea what
> >> implementation
> >> language you are using. One could also use no extension at all.
> >
> > Good idea !
> >
> >>> Do you knows about any restrictions if I don't use the htdocs to
> >>> store my handler scripts and other stuffs ?
> >>
> >> Depends on how your handler is written to a degree. You do loose the
> >> ability to use some Apache features if all you end up doing is
> >> using Apache
> >> as a jumping off point and implementing all URL interpretation
> >> yourself. In
> >> some respects, if you are going to do that, you may as well
> >> trigger your
> >> handler from inside a Location directive, which since it isn't
> >> associated
> >> with a physical directory cannot result in any way your source
> >> code being
> >> exposed.
> >
> > There is many way to answer the request.
> > If I use psps, or publisher scripts, every of them must contains
> > "Beginning" and "End" functions to make same pages. Example: B:
> > session init, db init, E: force global template on site (title,
> > menu, navigation), write the result to output stream, close databases.
> > This is solvable if I put "import Header; Header.init()" to
> > beginning, and "import Footer; Footer.done()" to the end of the
> > scripts, psps...

Why not make a "Page" class that contains all the functionality that you want 
for each page, and then inherit from it to supply the body?  Alternatively, 
use a template system (as you suggest).  

> > > > The working method is now that my global handler creates a request 
> > class that holds many informations (request, session, databases,
> > actual path, etc).
> > This handler is see the req.filename.
> > If this is a ".php" file, it is remove this extension, and it try
> > to find same directory in the template path.
> > If in this dir it found "<%_dirname%>".py, then starts it. If in
> > this dir is found page.html, then render it with PSP.
> > Then this handler is write the result to the output stream.
> > But I need to restructure this site, because my boss is required
> > subdirectories in the published site (host/product1/support.php vs.
> > host/product1_support.php)...

Sounds like you would like you have what you want working.  You can't just 
change the directory structure a bit?  You might remind your boss that things 
in htdocs are meant to be visible by the outside world; if you want to hide 
them, you will need to modify the apache config file.  If you store them 
outside of htdocs, you will likely not have to do as much work on the apache 
config file.  

> > Do you knows about a solution the can uniform the pages (every
> > page) and can use in the Apache URL handling ?
> > For every directory I want to show ?

As I mentioned, why not make a "page" class and then inherit from it for all 
your pages?

More information about the Mod_python mailing list