Python CGI Script
Steve Holden
steve at holdenweb.com
Sun Oct 2 05:43:58 EDT 2005
Efrat Regev wrote:
> Hello,
>
> I'm a data-structures course TA trying to write a python CGI script
> for automatically compiling and testing students' projects.
> Unfortunately, I've run into some questions while writing this, which I
> couldn't solve with the various (and helpful) python-CGI documentation.
> (It's possible that I'm posting to the wrong group; if so, I'd
> appreciate suggestions for the appropriate group.)
>
>
> 1. In my HTML page, I have the following:
>
> <form method="post" action="submission_processor.py"
> enctype="multipart/form-data">
> ...
> </form>
>
> In the above, submission_processor.py is the python CGI script. I
> didn't write a URL in the action field, since I'm first testing
> everyting on a local machine (running FC4). The first line of
> submission_processor.py is
>
> #!/usr/bin/python
>
> and I've done
>
> chmod +x submission_processor.py
>
> When I hit the "submit" button, my browser (Firefox on FC4) doesn't
> run the script; it asks me whether it should open
> submission_processor.py or save it to disk. I couldn't figure out why.
>
You also have to have the executable script inside a directory that is
recognised as being a script directory (usually achieved with an Apache
ScriptAlias directive), or have the server otherwise recognise .py files
as executable (just setting the +x mode bit isn't enough).
In the absence of such knowledge the server just returns the content of
the file rather than the content produced by *executing* the file.
> 2. My HTML page has the option for an instructor to list the various
> submissions and scores. Obviously, this should be inaccessible to
> students. The instructor has a password for doing this, therefore.
> Suppose I place the password inside a python script, and give this
> script only +x permission for others. Is this adequate as far as security?
>
That depends on whether you wanted to use HTTP security (provided
automatically by the web server) or application security (provided by
your code).
In the case of a script which is for general running but where some of
the script's functionality shouldn't be generally available you are
stuck with the latter. It's OK to have passwords in your script as long
as you are sure that the script isn;t going to be served up as content
like it currently is!
>
> Thanks in advance for answering these questions.
>
>
> Efrat
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
More information about the Python-list
mailing list