On Nov 26, 2008, at 9:10 AM, Jason Grout wrote:

> heebie wrote:
>> Hi,
>>
>> Thanks a lot for your help. I just have a few questions, if you
>> wouldn't mind.
>>
>> 1) Can I just send the http requests to sagenb.org, or will I have to
>> host the notebook myself?
>
> I don't know; I haven't used that http protocol myself.  You could try
> it, though.

Yes, you could. If you're actually going to run a server, it would  
probably be good to set up your own, as sagenb.org is more for people  
to try out Sage.

http://sagenb.org/simple/login?username=yourName&password=xxxx

which will return something like

{ "session": "3ef9514f4c872d92b287b8489d82fdfe" } ___S_A_G_E___

From then on you use session to authenticate. To run a computation, do

http://sagenb.org/simple/compute?session=3ef9514f4c872d92b287b8489d82fdfe&code=2*2

which returns

{ "status": "done", "files": [], "cell_id": 2 } ___S_A_G_E___ 4

Note that the code needs to be escaped, i.e. if I wrote "2+2"
the + gets interpreted as a space, and sage would get "2 2" which is
a syntax error.

http://sagenb.org/simple/compute?session=3ef9514f4c872d92b287b8489d82fdfe&code= factor(2^125-1)

{ "status": "done", "files": [], "cell_id": 3 } ___S_A_G_E___ 31 * 601 * 1801 * 269089806001 * 4710883168879506001

One can then do

http://sagenb.org/simple/compute?session=3ef9514f4c872d92b287b8489d82fdfe&code=plot(sin(x),%20-2,%202)

{ "status": "done", "files": ["sage0.png"], "cell_id": 4 } ___S_A_G_E___

and get the image via

http://sagenb.org/simple/file?session=3ef9514f4c872d92b287b8489d82fdfe&file=sage0.png&cell=4

Note that if the computation takes more than a second or two, it will
return immediately with a "computing" status. One can then query for
the result later, or set timeout parameters, etc. For more examples,
see the top of
http://hg.sagemath.org/sage-main/file/8b1d19463fc4/sage/server/simple/twist.py

>> 2) What exactly are the security implications, and are they for the
>> site hosting the notebook or the site sending the http requests? I
>> note that in that most recent link you gave me to another discussion,
>> some guy said that he closed his calculator down after security
>> concerns (a discussion which, by the way, I don't really understand)
>
>
> Basically, anyone that can run an arbitrary Sage command can also access
> a command line on the system as the user running Sage.  This means that
> unless you've somehow locked down that account (the account that is
> executing the Sage command), you are basically granting every user a
> normal account on your computer.
>
> Currently some ways to deal with this are setting up a virtual server
> (so the system-wide access is contained inside the virtual machine),
> setting up very restricted user accounts (but you need to know what you
> are doing in Linux to do that).  Another thing you can do is parse the
> command that the user enters so that "bad" commands are never executed.
> This can be tricky, though.  The other thread currently going on in
> the sage-devel mailing list that I pointed out talks about doing this
> this way.  I think this is how webMathematica works; it makes sure that
> the only commands executed are from a specific list of "safe" commands.

Letting the user execute commands, and trying to make sure they're  
safe, is fraught with security issues. Letting the user specify  
input, and then *you* acting on that input (as the author of the  
iterative web page) via a fixed number of commands, is a much easier
task. (One also needs to make sure that there aren't security  
problems in parsing the input).

Hosting it all in a virtual server is a big plus too.

>> 3) Will I need to learn Python?
>
> Sage is based on python, which means whenever you are doing anything in
> Sage, you are doing things in Python.  It's really easy to pick up
> Python and will make you much more effective in Sage if you understand
> Python better.

If you want to improve the Sage side of things, then yes, but to use it
it's not a necessity (though not too hard and a rather good idea  
anyways).

- Robert
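
Added example, not part of the original message or of Sage's own code: a client-side sketch of the approach described above, where user input is validated and placed into one fixed command, the query string is percent-encoded, and the reply is split on the separator. The function names and the 40-digit integer policy are assumptions; the sample replies are copied from the message.

```python
import json
import re
from urllib.parse import urlencode

SEPARATOR = "___S_A_G_E___"             # separator shown in the replies above
BASE = "http://sagenb.org/simple"       # endpoint from the message
_INT_RE = re.compile(r"-?[0-9]{1,40}")  # assumed policy: one integer, at most 40 digits


def factor_command(user_input):
    """Turn untrusted input into the one fixed command this page runs."""
    text = user_input.strip()
    if not _INT_RE.fullmatch(text):
        raise ValueError("input must be a single integer")
    return "factor(%d)" % int(text)     # int() round-trip keeps only the number


def compute_url(session, code):
    """Build a /compute URL with the query string percent-encoded."""
    return BASE + "/compute?" + urlencode({"session": session, "code": code})


def parse_response(body):
    """Split a reply into (JSON metadata, plain-text output)."""
    head, sep, tail = body.partition(SEPARATOR)
    if not sep:
        raise ValueError("separator not found in response")
    return json.loads(head), tail.strip()


if __name__ == "__main__":
    session = "3ef9514f4c872d92b287b8489d82fdfe"   # session id from the message
    print(compute_url(session, "2+2"))             # '+' is sent as %2B
    print(compute_url(session, factor_command(" 1001 ")))
    # Constructed inputs that are not a single integer are refused outright.
    for bad in ["2^125-1", "12); other_call(", "x"]:
        try:
            factor_command(bad)
        except ValueError as err:
            print("rejected %r: %s" % (bad, err))
    reply = '{ "status": "done", "files": [], "cell_id": 2 } ___S_A_G_E___ 4'
    print(parse_response(reply))
```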

