Debugging
The PSP parser itself reports no errors; only the Python interpreter does. It can therefore be hard to map the interpreter's error messages back to the PSP source.
If a page is requested with an underscore (_) appended to the .psp extension, as in page.psp_, a source listing is output showing the PSP source and the parsed Python source side by side.
This is handy for debugging but can be dangerous on a production server. As an example, the following script connects to a database. If others can call it with the .psp_ extension, the database user and its password will be revealed.
<html><body><table>
<%
import psycopg2 as db
connection = db.connect(
    # If users can call the page with the extension .psp_
    # sensitive information like passwords will be exposed
    'host=localhost dbname=my_db user=my_user password=user_password')
cursor = connection.cursor()
query = 'select * from my_table'
cursor.execute(query)
rs = cursor.fetchall()
for row in rs:
    #
%>
<tr><td><%= row[2] %></td><td><%= row[3] %></td></tr>
<%
cursor.close()
connection.close()
%>
</table></body></html>
A production server should always have the PythonDebug directive set to off.
To restrict .psp_ access to some hosts, add this to the Apache configuration:
<Files *.psp_>
    Deny from all
    Allow from 192.168.1.104 192.168.1.205
</Files>
Read the Apache manual for all the possibilities of the Allow directive.
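One way to check a server's configuration for the two settings discussed above, as an added example that is not part of the original page or of mod_python. The function name audit_psp_config and both sample configurations are constructed for illustration, and the AddHandler line is an assumption about how .psp_ is mapped on the server:

```python
import re

# Constructed sample configurations (not taken from a real server).
WEAK = """\
AddHandler mod_python .psp .psp_
PythonHandler mod_python.psp
PythonDebug On
"""
RESTRICTED = """\
AddHandler mod_python .psp .psp_
PythonHandler mod_python.psp
PythonDebug Off
<Files *.psp_>
    Deny from all
    Allow from 192.168.1.104 192.168.1.205
</Files>
"""

def audit_psp_config(text):
    """Return findings about .psp_ source-listing exposure in Apache config text."""
    findings, files_arg = [], None
    mapped_line, restricted = None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        opened = re.match(r'<Files\s+"?([^">\s]+)"?\s*>$', line, re.I)
        if opened:
            files_arg = opened.group(1).lower()   # now inside a <Files> block
        elif line.lower() == "</files>":
            files_arg = None
        else:
            words = line.lower().split()
            if words[:2] == ["pythondebug", "on"]:
                findings.append(f"line {lineno}: PythonDebug is On")
            elif words[0] == "addhandler" and ".psp_" in words[2:]:
                mapped_line = lineno
            elif files_arg and files_arg.endswith(".psp_") and words == ["deny", "from", "all"]:
                restricted = True
    if mapped_line and not restricted:
        findings.append(f"line {mapped_line}: .psp_ is handled but no "
                        "<Files *.psp_> block contains 'Deny from all'")
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("RESTRICTED", RESTRICTED)):
        print(name, audit_psp_config(conf) or "no findings")
```

The check reads a single configuration text and does not follow Include directives or .htaccess files, so run it on each file that can affect the PSP directory.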