On Jun 17, 5:15 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> On 20 май, 01:25, Graham Dumpleton <[EMAIL PROTECTED]> wrote:
>
>
>
> > On May 19, 9:04 pm, Daniel Ellison <[EMAIL PROTECTED]> wrote:
>
> > > On Friday 18 May 2007 21:32:33 Graham Dumpleton wrote:
>
> > > > This will all only work if the web site administrator has also set:
>
> > > > AllowOverride FileInfo
>
> > > > for the directory containing the .htaccessfile you want to add the
> > > > the SetHandler directive to.
>
> > > Yes, that's true. Sorry, forgot to add that bit of info. Same for
> > > AuthConfig
> > > if you want to restrict access to sensitive projects in your
> > > .htaccessfile.
>
> > Usingmod_pythonthere are actually ways around the lack of both these
> > overrides being set and the fact that it is possible to circumvent the
> > intention of the web administrator as far as them not providing you
> > these abilities in the first place, is why I personally wouldn't
> > recommend installingmod_pythonin a shared hosting environment where
> > there are many users running within the same web server. Luckily the
> > majority of people don't understandmod_pythonand how it works enough
> > so as to realise the mischief they could get up to. :-)
>
> > Anyway, will wait and see whether the original poster has FileInfo
> > override ability in .htaccessfiles before we consider the
> > workarounds.
>
> Can you please tell about such workarounds?
All it needs for Apache to consult .htaccess files is one of the
following overrides be allowed by setting AllowOverride directive:
AuthConfig
FileInfo
Indexes
Limit
Options[=Option,...]
The one which people generally associate with being required for
mod_python to be usable is FileInfo.
FileInfo is seen as needed so that one can make use of the SetHandler/
AddHandler/SetEnv directives. Ie. these directives would be needed to
make the following work in a .htaccess file.
PythonPath "['/home/[your_home]'] + sys.path"
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonDebug On
The way mod_python is implemented, the PythonPath/PythonHandler/
PythonDebug directives are allowed anywhere. Ie., they are allowed
in .htaccess files even if FileInfo is not set. It is though still
required that the .htaccess file at least be consulted by Apache.
This is where we get back to the the AllowOverride directive, provided
at least one override is allowed, doesn't matter which, the .htaccess
file will be read and it will be possible to use the mod_python
directives in a .htaccess file.
The only problem now though is that if the override is not FileInfo,
you cant use SetHandler/AddHandler/SetEnv. The way around this though
is (provided you have mod_python 3.3), to use a PythonFixupHandler.
Thus directives in .htaccess file would be:
PythonPath "['/home/[your_home]'] + sys.path"
PythonFixupHandler /home/fixup.py
PythonDebug On
In /home/fixup.py you would then have:
from mod_python import apache
def fixuphandler(req):
req.handler = "mod_python"
req.add_handler("PythonHandler", "django.core.handlers.modpython")
req.subprocess_env["DJANGO_SETTINGS_MODULE"] = "mysite.settings"
return apache.OK
This will not work in older version of mod_python because
'req.handler' wasn't writable in older versions. Even with older
versions one could get around the fact that req.handler is not
writable though if one was prepared to write your own C extension
module which did some nasty stuff. :-)
So, it doesn't help if you can't use .htaccess files at all, but if
you do have ability to use .htaccess but don't have FileInfo override
it will work.
One could argue that mod_python should only allow handlers to be
defined if FileInfo and/or AuthConf as appropriate is set, but doing
this now would probably break a lot of peoples existing installations.
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
