[mod_python] attempting some simple documentation

Gert Cuykens gert.cuykens at gmail.com
Tue Jun 12 22:06:32 EDT 2007

On 6/13/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> > By secure i mean a psp file that is accessible by a internet user like
> > a html file is less secure then a handler witch only a root user can
> > have aces too.
> That a handler source code file wouldn't be exposed due to a
> configuration mistake would only be true if it is outside of the
> document tree. It is possible to put handler code files in the
> document tree and sometimes this is quite convenient as it means you
> can utilise Apache's URL dispatch for various things rather than
> writing a slower one of your own in Python code. Also, handler source
> code files wouldn't necessarily only be readable as root as Apache
> child processes shouldn't be run as root, but as a separate user. Thus
> that user has to be able to read the handler source code files and all
> directories down to it or Apache can't work. Thus, must be all group
> owned by Apache user or made readable to others. Thus, things other
> than root will be able to read it one way or the other.
> Graham

Still www-data user outside the doctree is more secure then internet
user inside doctree :P

More information about the Mod_python mailing list