[mod_python] attempting some simple documentation

Graham Dumpleton graham.dumpleton at gmail.com
Tue Jun 12 21:55:15 EDT 2007

On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> On 6/13/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> > > Why use PSP handlers ? It makes it more complicated then just writing
> > > handlers your self, not to mention its more secure depending on where
> > > you put the .py files ?
> >
> > Why do you think one is more secure than any other?
> >
> > Why do you even think that mod_python itself is secure?
> >
> > Yes I know people may see this as a troll, but I ask it as a genuine
> > question to try and gauge how people (mis)perceive how secure
> > mod_python is.
> Also forgot the word faster then psp, actually its more like waaaaay faster :)
> By secure i mean a psp file that is accessible by a internet user like
> a html file is less secure then a handler witch only a root user can
> have aces too.

That a handler source code file wouldn't be exposed due to a
configuration mistake would only be true if it is outside of the
document tree. It is possible to put handler code files in the
document tree and sometimes this is quite convenient as it means you
can utilise Apache's URL dispatch for various things rather than
writing a slower one of your own in Python code. Also, handler source
code files wouldn't necessarily only be readable as root as Apache
child processes shouldn't be run as root, but as a separate user. Thus
that user has to be able to read the handler source code files and all
directories down to it or Apache can't work. Thus, must be all group
owned by Apache user or made readable to others. Thus, things other
than root will be able to read it one way or the other.


More information about the Mod_python mailing list