[mod_python] Re: more callable__auth__

Nicolas Lehuen nicolas at lehuen.com
Sat Feb 25 03:32:12 EST 2006


That is called "Reply-To Munging" and is considered harmful by some.

http://www.unicom.com/pw/reply-to-harmful.html

Regards,
Nicolas

2006/2/25, Joshua Ginsberg <listspam at flowtheory.net>:
> Wow -- I'm the administrivia whore today... sorry about that...
>
> Why don't we configure the list to have the reply-to be back to the
> list? :-) I can't tell you the number of times I hit reply instead of
> remembering to hit "Reply All", a button which I generally consider to
> be the brainchild of Satan.
>
> -jag
>
> On Feb 24, 2006, at 7:59 PM, Graham Dumpleton wrote:
>
> > Please keep followups on mailing list. :-(
> >
> > On 25/02/2006, at 11:28 AM, Robert Thomas Davis wrote:
> >
> >> Graham
> >>
> >> ...finally got everything up and running with the new
> >> version :)  Now I get a NameError exception on the
> >> call to validate_user (which, at least, is a step in
> >> the right direction)!!
> >>
> >> Do you have any suggestions as to what would be a
> >> better way to structure this so I don't encounter that
> >> issue?  Basically what I am trying to accomplish is
> >> the following...
> >>
> >> There will be more defs in index.py (like the devices
> >> def) whose contents I want to protect.  I want to
> >> ensure that the user will have to enter their
> >> user/passwd anytime attempts are made to access these
> >> functions (unless the current session is still valid
> >> of course).  After reading that article you referenced
> >> it seems I would need to move the validate_user
> >> function to an outside module and then import it
> >> inside the def __auth__()??
> >
> > Personally I wouldn't use the mod_python.publisher authentication,
> > but that is a topic for another time.
> >
> > If you must use the mod_python.publisher support for basic
> > authentication,
> > then use a wrapper class to do it. If you have Python 2.4, you could
> > even
> > use decorators for the purpose to make it a really clean solution.
> >
> > Basic code is:
> >
> >   from mod_python import apache
> >
> >   class Restricted:
> >     def __init__(self,method,realm="Restricted Access"):
> >       self.__call__ = method
> >       self.__auth_realm__ = realm
> >     def __auth__(self,req,user,password):
> >       apache.log_error("__auth__")
> >       return user == "mickey" and password == "mouse"
> >
> >   def index(req):
> >     return "index"
> >
> >   def page1(req):
> >     return "page1"
> >
> >   def page2(req):
> >     return "page2"
> >
> >   page2 = Restricted(page2)
> >
> > The "Restricted" class acts as a wrapper around the published function.
> > The auth functions are actually in the wrapper class. Because the
> > wrapper
> > class is at global scope, you don't have the problem with nested
> > functions
> > that you are seeing.
> >
> > I don't have Python 2.4, so can't give you a solution which uses
> > decorators,
> > but I am sure that someone else on the mailing list who has and
> > understands
> > decorators could provide some code pretty quick. The idea with
> > decorators
> > is you should be able to set up the code so all you need to do is
> > something
> > like:
> >
> >   def index(req):
> >     return "index"
> >
> >   def page1(req):
> >     return "page1"
> >
> >   @restricted
> >   def page2(req):
> >     return "page2"
> >
> > The decorator would do the magic of wrapping the function for you
> > automatically.
> > To me this would be a really clean solution, although possibly
> > restricted to use
> > of functions.
> >
> > Anyone want to step up and provide a decorator solution for this?
> >
> >> Also, do any RPMs exist for these more recent versions
> >> of mod_python OR is there a documented procedure for
> >> building a mod_python RPM from the recent releases?
> >
> > I imagine someone will put together an RPM for 3.2.7/3.2.8
> > at some stage. This is usually done by someone attached to
> > the maintainers of the Linux distribution and not the mod_python
> > folks though.
> >
> > Graham
> >
> >> --- Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> >>
> >>> Robert Thomas Davis wrote ..
> >>>> Graham
> >>>>
> >>>> Sorry...your replies were being sent to the "bulk"
> >>>> folder...glad I checked it before just deleting
> >>> all!
> >>>>
> >>>> I am using mod_python 3.1.3 with apache 2.0.53 on
> >>>> Fedora Core 3.
> >>>
> >>> Any chance you can upgrade to mod_python 3.2.7? I
> >>> really can't find
> >>> any problem with the basic structure of what you are
> >>> doing, but there
> >>> have been fixes to publisher in 3.2.7 that may mean
> >>> I am not seeing
> >>> the problem.
> >>>
> >>>> The url I use to access the "devices" page (the
> >>> one I
> >>>> would like to protect) is
> >>> http://localhost/devices.
> >>>>
> >>>> I do agree about having the info on the mailing
> >>> list
> >>>> so others could learn from it; maybe we can post
> >>> the
> >>>> results.
> >>>
> >>> The ongoing discussion is also useful, as the actual
> >>> debugging process
> >>> itself can be just as useful as the final result.
> >>> Thus, use reply-all.
> >>>
> >>> Graham
> >>>
> >>>> Thanks,
> >>>>
> >>>> --- Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> >>>>
> >>>>> BTW, I can't seem to find that you have ever
> >>> said
> >>>>> exactly which version
> >>>>> of mod_python you are using. Are you using the
> >>>>> latest version?
> >>>>>
> >>>>> Graham
> >>>>>
> >>>>> Graham Dumpleton wrote ..
> >>>>>> Still generally prefer it to be on the mailing
> >>>>> list as other people can
> >>>>>> learn from it and it is in the mailing list
> >>>>> archive as well, so people
> >>>>>> down the track may find it as well and it may
> >>>>> solve a problem for
> >>>>>> them also.
> >>>>>>
> >>>>>> One more question. What URLs are you using to
> >>>>> access the resources
> >>>>>> so I can relate that properly to the Apache
> >>>>> configuration and the
> >>>>>> published functions in the file?
> >>>>>>
> >>>>>> Graham
> >>>>>>
> >>>>>> Robert Thomas Davis wrote ..
> >>>>>>> Hello Graham
> >>>>>>>
> >>>>>>> I really appreciate your help with
> >>> this...and
> >>>>> since
> >>>>>>> you have been the only one responding I
> >>> thought
> >>>>> I
> >>>>>>> might as well just mail you the files in
> >>>>> question
> >>>>>>> (index.py and httpd.conf, attached as a
> >>> .tgz)
> >>>>>>>
> >>>>>>> The file index.py would normally live in the
> >>>>>>> directory:
> >>>>>>> /usr/local/lap/http/
> >>>>>>>
> >>>>>>> Based on your last reply I am wondering if
> >>> it is
> >>>>> my
> >>>>>>> httpd.conf file that is set up incorrectly (I
> >>> do
> >>>>> not
> >>>>>>> get the 500 error at all).  When the
> >>> enclosed
> >>>>> code
> >>>>>>> gets executed it appears as though it skips
> >>>>> right over
> >>>>>>> the nested __auth__ function.  However, if
> >>> that
> >>>>>>> function is moved to the module scope
> >>> (index.py)
> >>>>> it
> >>>>>>> always gets called and subsequently calls
> >>> the
> >>>>>>> validate_users function.
> >>>>>>>
> >>>>>>> Again...your help is much appreciated.
> >>>>>>>
> >>>>>>> Rob
> >>>>>>
> >>> _______________________________________________
> >>>>>> Mod_python mailing list
> >>>>>> Mod_python at modpython.org
> >>>>>>
> >>>>>
> >>>>
> >>>
> >> http://mailman.modpython.org/mailman/listinfo/mod_python
> >>>>>
> >>>

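A decorator form of the `Restricted` wrapper requested in the quoted thread, added here as an example; it is not code from any poster or from the mod_python project. It assumes published functions take only `req`; `SAMPLE_USERS`, `check_sample_user` and the `validator` parameter are hypothetical names, and the credentials are constructed sample values.

```python
import hmac

# Constructed sample credentials; a real site would verify a password hash
# from its own user store instead of a plaintext table.
SAMPLE_USERS = {"mickey": "mouse"}


def check_sample_user(req, user, password):
    """Hypothetical validator: True only for a known user with a matching password."""
    expected = SAMPLE_USERS.get(user)
    if expected is None or password is None:
        return False  # unknown user, or no credentials supplied
    # Constant-time comparison avoids leaking how much of the password matched.
    return hmac.compare_digest(expected.encode(), password.encode())


class Restricted(object):
    """Wrapper exposing the __auth__ / __auth_realm__ attributes used in the thread."""

    def __init__(self, method, realm, validator):
        self._method = method
        self._validator = validator
        self.__auth_realm__ = realm
        self.__name__ = getattr(method, "__name__", "restricted")

    def __call__(self, req):
        # Assumption: the wrapped function takes only the request object.
        return self._method(req)

    def __auth__(self, req, user, password):
        # Lives on a module-level object, so no nested-function lookup is needed.
        return bool(self._validator(req, user, password))


def restricted(realm="Restricted Access", validator=check_sample_user):
    """Decorator factory: @restricted() replaces the function with a Restricted wrapper."""
    def decorate(method):
        return Restricted(method, realm, validator)
    return decorate


def index(req):
    return "index"


@restricted()
def page2(req):
    return "page2"
```
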

