Big thank you to everybody for the pointers!

I now have a lot to test and think about.

best regards,
Aivar


03.04.2018 02:16 Carl Karsten wrote:
web2py was written by a college professor to teach web development on
a tight schedule. He didn't like the existing ones that took too long
to get a Hello World thing up and running. "Pick a db engine" is not
something that needs to be part of the 2 hours of class time this
week.

But it is targeting web development, not Python. And I am pretty sure
it wants functions and a few other stated requirements. The only
reason I bring it up is it may be a better fit than any of the other
proposed ideas, and its install really is:

http://www.web2py.com/init/default/download
"After download, unzip it and click on web2py.exe (windows) or
web2py.app (osx). To run from source, type: python2.7 web2py.py"   (I
guess Linux users are good with "run from source")

I can confirm it works, but I have never done anything real, but I
know people who have, so I would not be afraid of it.

OTOH, it may not be the solution you are looking for, and that's fine.







On Mon, Apr 2, 2018 at 3:20 PM, Andrew Harrington <ahar...@luc.edu> wrote:
Bottle sounds like it makes things very simple.
I also have a chapter introducing server-side Python interaction in very
simple cases.
http://anh.cs.luc.edu/python/hands-on/3.1/handsonHtml/ch4.html
It does come well after function introduction.

Dr. Andrew N. Harrington
   Computer Science Department
   Graduate Program Director g...@cs.luc.edu
   Loyola University Chicago
   207 Doyle Center, 1052 W Loyola Ave.
http://www.cs.luc.edu/~anh
Phone: 773-508-3569
Dept. Fax:    773-508-3739
ahar...@luc.edu (as professor, not gpd role)

On Sat, Mar 31, 2018 at 8:20 PM, Wes Turner <wes.tur...@gmail.com> wrote:
Web programming is fun but dangerous.
Things as simple as 'it reads a file off the disk and sends it to the
user' can unintentionally expose every readable file to whoever or whatever
can access localhost.

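```python
import os

os.path.join('here', '/etc/shadow')  # -> '/etc/shadow': an absolute component discards 'here'
path = 'here/' + '../../../../etc/shadow'  # the '..' segments climb out of 'here/'
```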

All of the examples in this thread are susceptible to XSS (Cross Site
Scripting) and CSRF (Cross-site Request Forgery). Don't feel bad; many
college web programming courses teach dangerous methods, too.

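XSS:
```python
def handler():  # stands in for any view function that builds HTML from input
    x = """</body><script>alert('download_mining_script()')</script>"""
    return f'<html><body>{x}'  # x is interpolated unescaped, so the script runs
```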

Bottle has multiple templating engines which escape user-supplied input
(in order to maintain a separation between data and code).

Like XSS, SQLi is also a 'code injection' issue. pypi:Records can use
SQLAlchemy. Django is a great framework with a built-in ORM that also
escapes SQL queries.

CSRF:
- X posts an XSS to site A that POSTs to site B
- 100 users view site A
- [...]

http://bottle-utils.readthedocs.io/en/latest/csrf.html

https://bottlepy.org/docs/dev/tutorial.html#html-form-handling

OWASP has a lot of information on WebSec:

OWASP Top 10
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The OWASP Vulnerable Web Applications Directory Project (VWAD)
https://github.com/OWASP/OWASP-VWAD

Any program or user on the system can read and write to localhost.
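
The two path constructions from the message above, checked against a base directory before anything is read. This is an added example, not part of the original message; `resolve_under`, `demo` and the file name `notes.txt` are made up for illustration.

```python
import os
import tempfile


def resolve_under(base_dir, user_path):
    """Return the real path of user_path inside base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # join() lets an absolute user_path replace base entirely; realpath() then
    # collapses '..' segments and follows symlinks, so the comparison below
    # sees the location that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Try a normal request and the two paths from the message (constructed setup)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "here")
        os.mkdir(base)
        with open(os.path.join(base, "notes.txt"), "w") as f:
            f.write("public\n")
        requests = ["notes.txt", "/etc/shadow", "../../../../etc/shadow"]
        return {p: resolve_under(base, p) is not None for p in requests}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{path!r}: {'served' if allowed else 'rejected'}")
```

A handler would open only the path this function returns and answer 404 when it returns None.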


On Saturday, March 31, 2018, Wes Turner <wes.tur...@gmail.com> wrote:
Bottle is a single file web microframework.

https://github.com/bottlepy/bottle
https://github.com/bottlepy/bottle/blob/master/bottle.py

Example: "Hello World" in a bottle
```python
from bottle import route, run, template

@route('/hello/<name>')
def index(name):
     return template('<b>Hello {{name}}</b>!',
         name=name)

run(host='localhost', port=8080)
```

There are docs and every function is Ctrl-F'able within bottle.py.

On Friday, March 30, 2018, kirby urner <kirby.ur...@gmail.com> wrote:

Very interesting.  I note that free users are relegated to Python 2.7

Server modules can be Python 3.6 (outside the free version)

Client stuff compiles to JavaScript and is approximately 2.7

That's a bit confusing maybe.  I try to avoid 2.7 but that's not easy.

In my Coding with Kids work, we use Codesters.com to teach Python, which
depends on Skulpt.  Also 2.x ish.

Kirby



On Fri, Mar 30, 2018 at 11:49 AM, Jason Blum <jason.b...@gmail.com>
wrote:
http://anvil.works/ is a pretty interesting approach to Python web
applications.

On Fri, Mar 30, 2018 at 2:05 PM, kirby urner <kirby.ur...@gmail.com>
wrote:

Hi Aivar --

I think it's a fine idea to write simple Python scripts that write
HTML files, which you may then pull up in the browser.

There's no need to put a server behind static web pages.  So, for
example, I'll have my students write a page of bookmarks:

```python
# -*- coding: utf-8 -*-
"""
Created on Wed Nov  4 18:02:30 2015

@author: Kirby Urner
"""

# tuple of tuples
bookmarks = (
    ("Anaconda.org", "http://anaconda.org"),
    ("Python.org", "http://python.org"),
    ("Python Docs", "https://docs.python.org/3/"),
    ("Spaghetti Code", "http://c2.com/cgi/wiki?SpaghettiCode"),
    ("Structured Programming",
     "http://c2.com/cgi/wiki?StructuredProgramming"),
    ("Map of Languages",
     "http://archive.oreilly.com/pub/a/oreilly//news/languageposter_0504.html"),
    ("XKCD", "http://xkcd.com"),
    )

page = '''\
<!DOCTYPE HTML>
{}
'''

html = """\
<HTML>
<HEAD>
<TITLE>Bookmarks for Python</TITLE>
</HEAD>
<BODY>
<H3>Bookmarks</H3>
<BR />
<UL>
{}
</UL>
</BODY>
</HTML>
""".lower()

the_body = ""
for place, url in bookmarks:
    the_body += "<li><a href='{}'>{}</a></li>\n".format(url, place)

webpage = open("links.html", "w")
print(page.format(html.format(the_body)), file=webpage)
webpage.close()
```

All you need add to your example is using print() to save to a file,
so the browser has something to open.

I would not call this a "web app" yet it's instructive in showing how
Python can write HTML files.

Kirby



On Wed, Mar 28, 2018 at 12:18 AM, Aivar Annamaa <aivar.anna...@ut.ee>
wrote:
Hi!

Let's say my students are able to write programs like this:

```python
name = input("name")

if name == "Pete":
    greeting = "Hi"
else:
    greeting = "Hello!"

print(f"""
<html>
<body>
{greeting} {name}!
</body>
</html>
""")
```

I'd like to allow them to start writing web-apps without introducing
functions first (most web-frameworks require functions).

It occurred to me that it's not hard to create a wrapper, which
presents this code as a web-app (input would be patched to look up GET or
POST parameters with given name).

This approach would allow simple debugging of the code on a local
machine and no extra libraries are required in this phase.

Any opinions on this? Has this been tried before?

best regards,
Aivar
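
A sketch of the wrapper idea from this message combined with the XSS point raised in the replies: `input()` is patched to read GET parameters, and the value is HTML-escaped where it is written into the page. This is an added example, not code from anyone in the thread; `run_as_page`, the `escape` name handed to the script, and the sample query string are assumptions.

```python
import contextlib
import html
import io
from urllib.parse import parse_qs

# The program from the post, with one change: the value is escaped at the
# point where it is written into the HTML.
SCRIPT = '''
name = input("name")
if name == "Pete":
    greeting = "Hi"
else:
    greeting = "Hello!"
print(f"""
<html>
<body>
{greeting} {escape(name)}!
</body>
</html>
""")
'''


def run_as_page(script, query_string):
    """Run a print()-style script with input() reading GET parameters."""
    params = parse_qs(query_string, keep_blank_values=True)

    def patched_input(prompt=""):
        # The prompt text doubles as the parameter name, as the post proposes.
        return params.get(prompt, [""])[0]

    out = io.StringIO()
    env = {"input": patched_input, "escape": html.escape}
    with contextlib.redirect_stdout(out):
        exec(script, env)  # runs the course's own script, never request data
    return out.getvalue()


# Constructed request whose "name" parameter carries markup.
MARKUP_QS = "name=%3C%2Fbody%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    print(run_as_page(SCRIPT, MARKUP_QS))
```

With `escape(name)` replaced by plain `name`, the same request puts a live `<script>` element into the response.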


_______________________________________________
Edu-sig mailing list
Edu-sig@python.org
https://mail.python.org/mailman/listinfo/edu-sig

