[Web-SIG] [WSGI] mod_python wrapper: minimal first attempt

Phillip J. Eby pje at telecommunity.com
Thu Oct 14 19:24:57 CEST 2004

At 10:13 PM 10/13/04 -0700, Robert Brewer wrote:
>Phillip J. Eby wrote:
> >      def wsgi_handler(req):
> >          handler = ModPyHandler(req)
> >          options = req.get_options()
> >          appmod,appname = options['application'].split('::')
> >          d = {}
> >          exec ("from %(appmod)s import %(appname) as application" %
> > locals()) in d
> >          handler.run(d[application])
> >          from mod_python import apache
> >          return apache.OK
>Eeew. exec. Smelly. :)

The "correct" way to do it would be to swipe whatever code mod_python 
itself uses for that, although I wouldn't be surprised if it uses exec 
also.  :)

More likely, it uses '__import__', but for the prototype version, why bother?

>I'll stick with plain Python code over
>PythonOption, thanks, and make my app developers do a few lines of extra
>work *once* instead of every deployer on every install.

I'm confused.  One of the main points of WSGI is to "write once, run 
anywhere".  Assuming most WSGI apps end up as a callable that can be 
imported from somewhere, then the path of least resistance for a deployer 
is to be able to pop an extra line or two in an .htaccess or 
httpd.conf.  They're going to have to touch that file anyway, even to set 
up a wrapper script.  Why should they have to edit the configuration *and* 
write a script?  Especially if they're just deploying the app.  That makes 
no sense to me at all.  Likewise, it makes no sense to have the application 
developer have to write a mod_python wrapper for their WSGI applications, 
since they might not have or care about mod_python specifically.

Perhaps I'm misunderstanding what you're saying, because I don't "get 
it".  Or maybe you misunderstood the intent of my code.  I was assuming 
that the 'wsgi_handler' function would be bundled with the *gateway*, not 
added to every application.  So, you would always have, e.g.:

     PythonHandler wsgiref.handlers::wsgi_handler

as part of the handler setup for a WSGI application.  Thus, deploying a 
WSGI app on mod_python should be as simple as having wsgiref and the 
application itself on the server's PYTHONPATH, and then setting a couple of 
configuration options.

>         if req.path_info:
>             env["SCRIPT_NAME"] = req.uri[:-len(req.path_info)]
>         else:
>             env["SCRIPT_NAME"] = req.uri

Does the 'req.uri' attribute include a query string?

>         # you may want to comment this out for better security

No, you don't want to.  :)  If you don't trust the WSGI app, you shouldn't 
run it.  It would be trivial for it to inspect Python stack frames until it 
finds the request object and pull out the authorization on its own.  So, it 
might give someone a warm fuzzy feeling to take it out, it won't really 
help anything.  :)

More information about the Web-SIG mailing list