[mod_python] reloading issue

Graham Dumpleton graham.dumpleton at gmail.com
Wed Mar 14 04:37:00 EST 2007 

On 14/03/07, me <mlists at e-beyond.de> wrote:
> Hello Graham,
>
> Am Mittwoch 14 März 2007 06:54:30 schrieben Sie:
> > On 14/03/07, me <mlists at e-beyond.de> wrote:
> > If you have defined use of mod_python.publisher for the directory the
> > factory method is in, all those files in the 'Contents' subdirectory
> > will also be visible through mod_python.publisher. You should
> > therefore move your 'Contents' directory out of the web server
> > document tree to avoid them being called directly, or put a .htaccess
> > file in the 'Contents' directory which contains:
> >
> >   Deny from all
> >
> > This will stop them being accessible by mod_python.publisher from a client.
>
> I thought I've read in the documentation that when I create a directory with
> an leading underscore the directory is protected.
>         http://www.modpython.org/live/current/doc-html/hand-pub-alg-trav.html
> My directory structure looks like that:
>
>   DocumentRoot/_modules/Contents/__init__.py
>                                                           MainIndex.py
>                          /index.py
>
> And the module directory is provided to the importer in the apache
> configuration:
>
> PythonOption
> mod_python.importer.path "['/www/www.isi-muenchen.de/htdocs/_module']"
>
> I think that should be okay... ??

Correct on the underscore, although a .htaccess file is still a good
idea because if someone stuffs up the main Apache configuration they
could inadvertently expose your source code still since the only thing
stopping it from being visible is mod_python.publisher at the moment.

As far as import_module(), that also should work with that importer
path, although using a non obvious aspect of import_module() which I
am not sure is actually documented as a feature and you probably
should not rely upon. That is that using relative path of './' will
resolve relative to directory the call is done from, but in your case
you have stumbled upon fact that implementation actually also tries to
find a module by appending a './' prefixed path to any of the
directories in the importer path. Thus why it finds './Contents' even
though it isn't in the directory the call is being made from but
elsewhere. You would be better off reserving './' for when you really
mean relative to the same directory. Instead use just:

  module = apache.import_module('Contents/' + className)

This will have the same affect and that it isn't a relative path
implies better that a search is being done.

Other options is to be explicit:

  module = apache.import _module('~/_modules/Contents/' + className + '.py')

BTW, the 'Contents/__init__.py' will not be getting imported unless
you explicitly do so. Ie., not treated like a package.

Also, please keep followups on the mailing list.

Graham

More information about the Mod_python mailing list