Re: Help - Which IDE is best to use.

2012-05-14 Thread Harold.Miao
it is not a free sw

2012/5/15 Ezequiel Bertti 

> 10x pycharm...
>
> the best one...
>
> the only one made to work with python and django...
>
>
> On Tue, May 15, 2012 at 12:28 AM, Rivsen  wrote:
>
>> Maybe you can try Sublime Text 2. It's a good IDE or Editor.
>>
>> 2012/5/15 Harold.Miao 
>>
>> maybe  eclipse+pydev  is good  IDE
>>>
>>>
>>> 2012/5/15 doniyor 
>>>
 @Aaron: you are more than right,



 On Monday, 14 May 2012 19:44:35 UTC+2, Aaron C. de Bruyn wrote:

> Try here:
>
> https://code.djangoproject.com/wiki/DjangoResources#IntegratedDevelopmentEnvironments
>
> But keep in mind, a good carpenter can work with a $5 hammer or a $50
> hammer.  The tools don't make the developer.  (Although they can make
> the job of a good developer easier.)
>
> -A
>
> On Mon, May 14, 2012 at 10:39 AM, Sandro Dutra 
> wrote:
> > Again... Please search before creating one more of these messages about
> > "What's IDE is best?". The best IDE is the IDE you feel comfortable using.
> > There are 666 topics about this here, search...
> >
> >
> > 2012/5/14 Eneldo Serrata 
> >>
> >> Aptana or Eclipse with PyDev Plugin
> >> http://pydev.org/
> >>
> >> On 14/05/2012, at 11:56, Sanjay M wrote:
> >>
> >> I am new to Django, and I was confused in choosing an IDE between Eclipse
> >> and aptana studio 3 to edit source code. Kindly suggest me a good one.
> >>
> >> Thank you in advance,
> >> Regards,
> >> Sanjay M
> >>
> >>
> >>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Django users" group.
> >> To view this discussion on the web visit
> >> https://groups.google.com/d/msg/django-users/-/2LIdVrSuFpQJ.
> >> To post to this group, send email to django-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> django-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/django-users?hl=en.
> >>
> >>

>>>
>>>
>>>
>>> --
>>>
>>> Best Regards,
>>> Harold Miao
>>>
>>>
>
>
>
> --
> Ezequiel Bertti
> E-Mail: eber...@gmail.com
> MSN: eber...@hotmail.com
> Cel: (21) 9188-4860
>
> GO TO BÚZIOS!!!
> http://www.agh.com.br/
> Ane Guest House
>

Re: syncdb not creating columns in postgresql database

2012-05-14 Thread kenneth gonsalves
On Mon, 2012-05-14 at 09:06 -0700, doniyor wrote:
> delete your app from INSTALLED_APPS and syncdb, AND list it again in 
> INSTALLED_APPS and syncdb again.. 
> 
> if it does not work, do this: 
> 
> delete your db, then syncdb, then list your app in INSTALLED_APPS and 
> syncdb again. 

this is bad advice. Syncdb will not give effect to changes within a
model. You need to carry out the change manually, or use a migration
tool like south.
-- 
regards
Kenneth Gonsalves





Re: Use Django to implement my GUI!

2012-05-14 Thread Jani Tiainen

Hi,

Now it starts to make "sense".

I just wonder why are you trying to build something so extremely 
complicated?


What is the rationale behind having an additional middleware layer between 
web ui and the server backend?


Wouldn't it be sufficient to have architecture like:

Browser <-> django middleware <-> remote backend

Communication between django middleware and remote backend should be 
built on top of some messaging system, like celery + rabbitmq which 
gives you quite standard asynchronous communication between django 
middleware and remote backend. Of course you might need to write some 
adapters on remote side but that's part of the job.


Only real problem is if you need to push changes to browser side. 
There don't exist any really good ways to do that. HTML5 was supposed 
to bring websockets to overcome the problem. One big problem is that 
from the IE series only IE 10 supports it. All others, FF, Chrome, 
Safari have had it for a good while.


There also exist alternative workarounds like Comet, BOSH, push and a few 
others.


So let
15.5.2012 2:18, Eugène Ngontang wrote:

Hi Jani!

I haven't seen the last statements of your post, where you say I'm not
really clear and that I'm building a non-http GUI using Django.


OK let's stay on the rendering issue only, and specify things simply.
This is a simple description of the architecture I want to set up:

- A Client (not a user interface). Client here means a module which is
installed in a remote computer and communicates with the server via socket.

- A server listening to several remote clients (here I'm not talking
yet about http requests), and receiving information from them. In fact
clients must be doing actions and sending information about their actions
to the server. On the other hand data to be processed by each client is
pushed/dispatched by the server.

- And admin (not Django Admin, but admin in the sense of my app),
destined to be the module allowing use of the application. Then the
Admin module is part of the server and will provide a GUI for
manipulating data in the database. It's in this GUI that users of the
application will enter their requests, by filling a form or clicking a
link for example. And data from the GUI could be stored in the
database, while being sent to the remote clients (not to be displayed by the
client, but to be processed). In the same way, information coming from
those clients to the server has to be displayed in the GUI.

With a graphical GUI, the server could have a reference to an object
representing my GUI, and it will be done.
But I choose a web GUI for view and administration. It's where Django comes in.

And my problem is to make my server run a network thread,
receiving data from the GUI (web browser) and sending information updates
to the GUI (for web page content).

This is really my issue. If all the actions of my server depended on my
GUI request (http request), I could do what I like behind when handling
an http request, but while managing http:8080 connections, the application
is running another process/thread on another TCP/UDP port.

And yes I want a web GUI.

That is why I'm looking for the best way to achieve that. We can exclude Django
web server, as it will not be used in production for the application
deployment.

Hope now it's clear for you, and more for the other users.

Thanks!

2012/5/13 Jani Tiainen <rede...@gmail.com>

Hi,

There are several ways to achieve what you maybe want to do. One of
the simplest ways is to separate frontend (your user interface) and
server backend. You can build your Django application as a service
(xml-rpc, json-rpc, restful). That would give you the advantage to
choose whatever frontend you like. Of course it would add some overhead.

On Sun, May 13, 2012 at 1:14 PM, Eugene NGONTANG
<sympav...@gmail.com> wrote:

Hi!

I'm a python developer, but new in django.

I'm developing a multi clients-server application.

The server and the clients are communicating via sockets. The server
receives some states from clients, and displays them in the User
interface.
On the other hand, the server has to send a message (packet) to the
client when an event occurs in the GUI, and data are stored in a
database.


Note that Django is mainly built for web (HTTP protocol based)
applications. In such an environment you run two different things:
your GUI (usually browser) that is totally ignorant of server side
(Django). Then you send request to some URL, Django routes it to
some view and view produces again next output to be displayed in GUI
(browser again). One of the common functions in the view is database
manipulation.

Then I choose to make a web interface where data could be viewed and
manipulated. And I discovered Django, which fit all my needs. I tested
and liked the framework.

My quest

Re: configure FileZilla upload destination!!

2012-05-14 Thread doniyor
Hi Nik, thanks for help, but look, is it possible to configure the 
httpd.conf or anything which is responsible for upcoming files so that all 
files which i upload thru filezilla comes directly to that new folder i 
created for my djangoproject code to live? or do i have to copy files 
every time from the folder which gets the uploaded files thru filezilla to 
my django folder? 

thanks 

On Tuesday, 15 May 2012 03:30:10 UTC+2, Nikolas Stevenson-Molnar wrote:
>
> You'll get used to the Linux folder structure ;) 
>
> As for your problem, it sounds like your FTP user doesn't have 
> filesystem permissions to the folder you're trying to upload to. I would 
> change either owner or group for the folder. 
>
> _Nik 
>
> On 5/14/2012 6:19 PM, doniyor wrote: 
> > hi there, finally i got my djangoproject running on apache server 
> > after 3 days of thinking and googling.. i should say, linux folder 
> > hierarchy is sometimes not really intuitive to grasp.. 
> > 
> > my last problem though: i created a folder outside of the docroot and 
> > now all files are there. so good so far. but, when i try to upload 
> > some file thru filezilla, it says 550 could change to folder or 
> > something like this.. 
> > 
> > is it possible to configure it so that i can directly upload the site 
> > and apache finds it? 
> > 
> > thanks 
>




Re: Apache and wsgi => Where to put my djangoproject files? Please Help!

2012-05-14 Thread doniyor
can you pls give me your email? 

if possible, your skype also, if you can, i would love to discuss it in 
skype.. so far it is working now, but there are still some questions and 
hesitations... 

thanks :) 


On Tuesday, 15 May 2012 07:35:44 UTC+2, lawgon wrote:
>
> On Mon, 2012-05-14 at 06:13 -0700, doniyor wrote: 
> > hey lawgon, one more question. i did the steps. but still not 
> > working. 
> > could you please take a look into my whole project on server if i give 
> > you 
> > the access thru PuTty? 
>
>
> no problem - send me the username, password and url offlist. 
> -- 
> regards 
> Kenneth Gonsalves 
>
>




Re: consistent (un)capitalization in form labels

2012-05-14 Thread ?manu*
I know I can use the label argument in every field. However this is
very annoying... also this is very complicated for ModelForms where
labels come from Model attributes, and the verbose_name of these
attributes is not useful since it gets capitalized.

On 13 May, 20:44, Ejah wrote:
> And, you can specify for each field in a form your own label text,
> which will overwrite the default.
> See form fields, label.
> Hth
>
> On 13 May, 20:42, Ejah wrote:
>
> > I would solve this with css.
> > label {
> >     text-transform: lowercase;
> > }
>
> > Done.
> > Hth.
>
> > On 13 May, 12:02, "?manu*" wrote:
>
> > > Hi all,
>
> > > my graphic design prescribes that every label in html FORMS should be
> > > not capitalized and without any suffix. For example, a "my_date" field
> > > should be rendered as:
>
> > > my date > > id="id_date" type="text" class="date" value="10.05.2012" name="date" /
>
> > > >
>
> > > To achieve this I need to set a "label" attribute in every Form. For
> > > ModelForm (Forms automatically created from models) my only
> > > possibility is to rewrite the entire form "by hand" in the HTML
> > > template file.
>
> > > Is there a better way to achieve this behaviour? Is it possible to
> > > redefine the function used to convert the field name to the field
> > > label?
>
> > > E.




Re: consistent (un)capitalization in form labels

2012-05-14 Thread ?manu*
Nice. I think this will be my solution!

On 13 May, 20:42, Ejah wrote:
> I would solve this with css.
> label {
>     text-transform: lowercase;
> }
>
> Done.
> Hth.
>
> On 13 May, 12:02, "?manu*" wrote:
>
> > Hi all,
>
> > my graphic design prescribes that every label in html FORMS should be
> > not capitalized and without any suffix. For example, a "my_date" field
> > should be rendered as:
>
> > my date > id="id_date" type="text" class="date" value="10.05.2012" name="date" /
>
> > >
>
> > To achieve this I need to set a "label" attribute in every Form. For
> > ModelForm (Forms automatically created from models) my only
> > possibility is to rewrite the entire form "by hand" in the HTML
> > template file.
>
> > Is there a better way to achieve this behaviour? Is it possible to
> > redefine the function used to convert the field name to the field
> > label?
>
> > E.




Re: Apache and wsgi => Where to put my djangoproject files? Please Help!

2012-05-14 Thread kenneth gonsalves
On Mon, 2012-05-14 at 06:13 -0700, doniyor wrote:
> hey lawgon, one more question. i did the steps. but still not
> working. 
> could you please take a look into my whole project on server if i give
> you 
> the access thru PuTty? 


no problem - send me the username, password and url offlist.
-- 
regards
Kenneth Gonsalves




Re: Use Django to implement my GUI!

2012-05-14 Thread Alec Taylor
No reason to do anything crazy like that.

Forget SOCKETS, use HTTP or HTTPS.

Clientside/mobileside/webside build in HTML+CSS+JS.

#win

On Tue, May 15, 2012 at 9:18 AM, Eugène Ngontang  wrote:
> Hi Jani!
>
> I haven't seen the last statements of your post, where you say I'm not really
> clear and that I'm building a non-http GUI using Django.
>
>
> OK let's stay on the rendering issue only, and specify things simply. This
> is a simple description of the architecture I want to set up:
>
> - A Client (not a user interface). Client here means a module which is
> installed in a remote computer and communicates with the server via socket.
>
> - A server listening to several remote clients (here I'm not talking yet
> about http requests), and receiving information from them. In fact clients must
> be doing actions and sending information about their actions to the server. On
> the other hand data to be processed by each client is pushed/dispatched by
> the server.
>
> - And admin (not Django Admin, but admin in the sense of my app), destined to
> be the module allowing use of the application. Then the Admin module is part
> of the server and will provide a GUI for manipulating data in the
> database. It's in this GUI that users of the application will enter their
> requests, by filling a form or clicking a link for example. And data from the
> GUI could be stored in the database, while being sent to the remote clients
> (not to be displayed by the client, but to be processed). In the same way,
> information coming from those clients to the server has to be displayed in
> the GUI.
>
> With a graphical GUI, the server could have a reference to an object
> representing my GUI, and it will be done.
> But I choose a web GUI for view and administration. It's where Django comes in.
>
> And my problem is to make my server run a network thread,
> receiving data from the GUI (web browser) and sending information updates to
> the GUI (for web page content).
>
> This is really my issue. If all the actions of my server depended on my GUI
> request (http request), I could do what I like behind when handling an http
> request, but while managing http:8080 connections, the application is running
> another process/thread on another TCP/UDP port.
>
> And yes I want a web GUI.
>
> That is why I'm looking for the best way to achieve that. We can exclude Django web
> server, as it will not be used in production for the application deployment.
>
> Hope now it's clear for you, and more for the other users.
>
> Thanks!
>
>
> 2012/5/13 Jani Tiainen 
>>
>> Hi,
>>
>> There are several ways to achieve what you maybe want to do. One of the
>> simplest ways is to separate frontend (your user interface) and server backend.
>> You can build your Django application as a service (xml-rpc, json-rpc,
>> restful). That would give you advantage to choose whatever frontend you
>> like. Of course it would add some overhead.
>>
>> On Sun, May 13, 2012 at 1:14 PM, Eugene NGONTANG 
>> wrote:
>>>
>>> Hi!
>>>
>>> I'm a python developer, but new in django.
>>>
>>> I'm developing a multi clients-server application.
>>>
>>> The server and the clients are communicating via sockets. The server
>>> receives some states from clients, and displays them in the User
>>> interface.
>>> On the other hand, the server has to send a message (packet) to the
>>> client when an event occurs in the GUI, and data are stored in a
>>> database.
>>>
>>
>> Note that Django is mainly built for web (HTTP protocol based)
>> applications. In such an environment you run two different things: your GUI
>> (usually browser) that is totally ignorant of server side (Django). Then you
>> send request to some URL, Django routes it to some view and view produces
>> again next output to be displayed in GUI (browser again). One of the common
>> functions in the view is database manipulation.
>>
>>>
>>> Then I choose to make a web interface where data could be viewed and
>>> manipulated. And I discovered Django, which fit all my needs. I tested
>>> and liked the framework.
>>>
>>> My questions are:
>>> - Can I override the django admin methods so that i can not only
>>> customize my views and html page, but also manipulate objects in
>>> database, so that i can do another action when catching an event in
>>> the GUI.
>>> For example, taking the django admin tutorial, I would like to do an
>>> action like sending a message the user choose "add a poll". How can I
>>> do those things? Cause I noticed that methods that alter data in the
>>> database are part of django admin module and cannot be overridden
>>>
>>
>> You shouldn't "fight against admin". If something cannot be done in the
>> admin you usually get a way with writing your own stuff.
>>
>>>
>>> - To achieve what I want, i would like to run my server engine and my
>>> django admin in two separated threads. How do i run my admin module in
>>> a thread? Cause till now i'm using the command line "python manage.py
>>> runserver
>>
>>
>> Again your GUI woul

Re: Help - Which IDE is best to use.

2012-05-14 Thread Ezequiel Bertti
10x pycharm...

the best one...

the only one made to work with python and django...

On Tue, May 15, 2012 at 12:28 AM, Rivsen  wrote:

> Maybe you can try Sublime Text 2. It's a good IDE or Editor.
>
> 2012/5/15 Harold.Miao 
>
> maybe  eclipse+pydev  is good  IDE
>>
>>
>> 2012/5/15 doniyor 
>>
>>> @Aaron: you are more than right,
>>>
>>>
>>>
>>> On Monday, 14 May 2012 19:44:35 UTC+2, Aaron C. de Bruyn wrote:
>>>
 Try here:

 https://code.djangoproject.com/wiki/DjangoResources#IntegratedDevelopmentEnvironments

 But keep in mind, a good carpenter can work with a $5 hammer or a $50
 hammer.  The tools don't make the developer.  (Although they can make
 the job of a good developer easier.)

 -A

 On Mon, May 14, 2012 at 10:39 AM, Sandro Dutra 
 wrote:
 > Again... Please search before creating one more of these messages about
 > "What's IDE is best?". The best IDE is the IDE you feel comfortable using.
 > There are 666 topics about this here, search...
 >
 >
 > 2012/5/14 Eneldo Serrata 
 >>
 >> Aptana or Eclipse with PyDev Plugin
 >> http://pydev.org/
 >>
 >> On 14/05/2012, at 11:56, Sanjay M wrote:
 >>
 >> I am new to Django, and I was confused in choosing an IDE between Eclipse
 >> and aptana studio 3 to edit source code. Kindly suggest me a good one.
 >>
 >> Thank you in advance,
 >> Regards,
 >> Sanjay M
 >>
 >>
 >>
>>>
>>
>>
>>
>> --
>>
>> Best Regards,
>> Harold Miao
>>
>>
>



-- 
Ezequiel Bertti
E-Mail: eber...@gmail.com
MSN: eber...@hotmail.com
Cel: (21) 9188-4860

GO TO BÚZIOS!!!
http://www.agh.com.br/
Ane Guest House


Re: Help - Which IDE is best to use.

2012-05-14 Thread Rivsen
Maybe you can try Sublime Text 2. It's a good IDE or Editor.

2012/5/15 Harold.Miao 

> maybe  eclipse+pydev  is good  IDE
>
>
> 2012/5/15 doniyor 
>
>> @Aaron: you are more than right,
>>
>>
>>
>> On Monday, 14 May 2012 19:44:35 UTC+2, Aaron C. de Bruyn wrote:
>>
>>> Try here:
>>>
>>> https://code.djangoproject.com/wiki/DjangoResources#IntegratedDevelopmentEnvironments
>>>
>>> But keep in mind, a good carpenter can work with a $5 hammer or a $50
>>> hammer.  The tools don't make the developer.  (Although they can make
>>> the job of a good developer easier.)
>>>
>>> -A
>>>
>>> On Mon, May 14, 2012 at 10:39 AM, Sandro Dutra 
>>> wrote:
>>> > Again... Please search before creating one more of these messages about
>>> > "What's IDE is best?". The best IDE is the IDE you feel comfortable using.
>>> > There are 666 topics about this here, search...
>>> >
>>> >
>>> > 2012/5/14 Eneldo Serrata 
>>> >>
>>> >> Aptana or Eclipse with PyDev Plugin
>>> >> http://pydev.org/
>>> >>
>>> >> On 14/05/2012, at 11:56, Sanjay M wrote:
>>> >>
>>> >> I am new to Django, and I was confused in choosing an IDE between Eclipse
>>> >> and aptana studio 3 to edit source code. Kindly suggest me a good one.
>>> >>
>>> >> Thank you in advance,
>>> >> Regards,
>>> >> Sanjay M
>>> >>
>>> >>
>>> >>
>
>
>
> --
>
> Best Regards,
> Harold Miao
>
>



Re: Help - Which IDE is best to use.

2012-05-14 Thread Harold.Miao
maybe  eclipse+pydev  is good  IDE

2012/5/15 doniyor 

> @Aaron: you are more than right,
>
>
>
> On Monday, 14 May 2012 19:44:35 UTC+2, Aaron C. de Bruyn wrote:
>
>> Try here:
>>
>> https://code.djangoproject.com/wiki/DjangoResources#IntegratedDevelopmentEnvironments
>>
>> But keep in mind, a good carpenter can work with a $5 hammer or a $50
>> hammer.  The tools don't make the developer.  (Although they can make
>> the job of a good developer easier.)
>>
>> -A
>>
>> On Mon, May 14, 2012 at 10:39 AM, Sandro Dutra 
>> wrote:
>> > Again... Please search before creating one more of these messages about
>> > "What's IDE is best?". The best IDE is the IDE you feel comfortable using.
>> > There are 666 topics about this here, search...
>> >
>> >
>> > 2012/5/14 Eneldo Serrata 
>> >>
>> >> Aptana or Eclipse with PyDev Plugin
>> >> http://pydev.org/
>> >>
>> >> On 14/05/2012, at 11:56, Sanjay M wrote:
>> >>
>> >> I am new to Django, and I was confused in choosing an IDE between Eclipse
>> >> and aptana studio 3 to edit source code. Kindly suggest me a good one.
>> >>
>> >> Thank you in advance,
>> >> Regards,
>> >> Sanjay M
>> >>
>> >>
>> >>
>>



-- 

Best Regards,
Harold Miao




Re: Admin user privilege elevation (how to prevent it)

2012-05-14 Thread Russell Keith-Magee
On Tue, May 15, 2012 at 8:59 AM, Stephen McDonald  wrote:
> Stephen from Mezzanine here - thanks for the thorough response Russ.
>
> The cleansing process we go through is very rigorous - we're leaning
> on the shoulders of tools that have solved this problem (in our case
> the bleach library). It uses a white-list of tags and attributes, so
> all those tricky edge cases around event handlers as attributes are
> solved with a well-documented white-list based on known XSS vectors.

Hi Stephen,

Just to be clear to everyone -- I'm not accusing Mezzanine of doing
something wrong here. As far as I can make out, Mezzanine is doing the
very best it can do under the circumstances. Leveraging an existing
trusted library for cleansing is the best possible solution given the
constraints for this particular problem.

Unfortunately, as you've pointed out, there's no way to do it the
"right way" (i.e., not trusting user content) in this case, so the
best you can do is lock down everything as much as possible, and give
users what remains of the shotgun and hope they don't point it at
anything too critical :-)

Russ %-)
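
The allowlist cleansing discussed in this thread, sketched with the Python standard library as an added example (not Mezzanine's or bleach's code; a maintained library such as bleach is what a real project should use). The tag and attribute lists, the sample input and the level names `high`, `medium` and `off` are assumptions made for illustration:

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlists (tag -> permitted attributes), not Mezzanine's or bleach's.
BASIC = {"p": set(), "b": set(), "em": set(), "a": {"href"}}
LEVELS = {"high": BASIC, "medium": {**BASIC, "iframe": {"src", "width", "height"}}}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}  # remove the element body, not just its tags
SAMPLE = ('<p onclick="alert(1)">Hi <b>there</b></p><script>alert(1)</script>'  # constructed
          '<a href="javascript:alert(1)">x</a><iframe src="https://video.example/embed/1"></iframe>')

def safe_url(value):
    # Browsers ignore whitespace and control characters in a scheme, so strip them first.
    compact = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    scheme, sep, _ = compact.partition(":")
    if not sep or any(c in scheme for c in "/?#"):
        return True  # relative URL, no scheme present
    return scheme in SAFE_SCHEMES

class Cleaner(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.skip = allowed, [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in self.allowed:
            return
        kept = ""
        for name, value in attrs:  # unlisted attributes (onclick, style, ...) are dropped
            value = value or ""
            if name in self.allowed[tag] and (name not in ("href", "src") or safe_url(value)):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.allowed:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def cleanse(html, level="high"):
    if level == "off":
        return html  # cleansing disabled: every author is fully trusted
    cleaner = Cleaner(LEVELS[level])
    cleaner.feed(html)
    cleaner.close()
    return "".join(cleaner.out)
```

Calling `cleanse(SAMPLE)` and `cleanse(SAMPLE, "medium")` shows the trade-off: the only difference is the `iframe` that `medium` lets through, and anything an allowed embed can do is trusted from then on.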




Re: Admin user privilege elevation (how to prevent it)

2012-05-14 Thread Stephen McDonald
Stephen from Mezzanine here - thanks for the thorough response Russ.

The cleansing process we go through is very rigorous - we're leaning
on the shoulders of tools that have solved this problem (in our case
the bleach library). It uses a white-list of tags and attributes, so
all those tricky edge cases around event handlers as attributes are
solved with a well-documented white-list based on known XSS vectors.

The reality of it, though, is that you're going to have projects
where the people paying for it want to be able to add their own HTML
content, scripts included. In this case I feel the correct approach is
to give them this option, and educate them on the consequences, and
subsequent level of trust required for anyone they give access to.

So we've ended up defining a setting with various cleansing levels -
the default is high, which will strip out any possible vector via tag/
attribute. The next is medium, which will allow things such as tags
required for embedding video. We had multiple reports within days of
adding the cleansing process: "help! I've updated to the latest
version and I can't add videos anymore". With this level we still
remove scripts and known event handling tag attributes. There's
probably an exploitable vector even with the tags and attributes we
allow simply for embedding videos. Then the final level disables
cleansing entirely - you can turn it off, please know what you're
doing (with very loud warnings shown around this).

I fully appreciate the technical approach of never trusting user
content, and if I had it my way, this is the path we would take. But
in reality it just doesn't cut it. Users need these features, and
every scenario is going to be different - different content
requirements, different user structures. I feel like the approach
we've taken is the closest we can get to balancing security and
usability.


On May 12, 12:13 pm, Russell Keith-Magee 
wrote:
> On Sat, May 12, 2012 at 5:11 AM, Josh Cartmell  wrote:
> > I work a lot with Mezzanine which is a CMS that uses Django.  A
> > security issue was recently revealed where an admin user, let's call
> > him A, (they can post rich content) could put a cleverly constructed
> > javascript on a page such that if a superuser, let's call her B, then
> > visited the page it would elevate A to superuser status (a more
> > thorough explanation is here:
> > http://groups.google.com/group/mezzanine-users/browse_thread/thread/1...).
> > Apparently any django app which allowed admin users to post arbitrary
> > html would be vulnerable.
>
> > My first thought was that csrf protection should prevent this but alas
> > that is not the case.  The only real solution found is to restrict
> > admin users from posting any javascript in their content, unless you
> > completely trust the admin users.
>
> This isn't a CSRF issue. CSRF stands for Cross Site Request Forgery. A
> CSRF attack is characterised by:
>
>  * A user U on site S, who has credentials for the site S, and is logged in.
>
>  * An attacking site X that is visited by U.
>
>  * Site X submits a form (by POST or GET) directly to site S; because
> U is logged in on S, the post is accepted as if it came from U
> directly.
>
> CSRF protection ensures that site X can't submit the form on the
> behalf of U - the CSRF token isn't visible to the attacker site, so
> they can't provide a token that will allow their submission to be
> accepted.
>
> What you're referring to is an injection attack. An injection attack
> occurs whenever user content is accepted and trusted on face value;
> the attack occurs when that content is then rendered.
>
> The canonical example of an injection is "little johnny tables":
> http://xkcd.com/327/
>
> However, the injected content isn't just SQL; all sorts of content can
> be injected for an attack. In this case, you're talking about B
> injecting javascript onto a page viewed by A; when A views the page,
> the javascript will be executed with A's permissions, allowing B to
> modify the site as if they were A.
>
> Django already has many forms of protection against injection attacks.
> In this case, the protection comes by way of Django's default template
> rendering using escaped mode. If you have a template:
>
> {{ content }}
>
> and context (possibly extracted from the database):
>
> alert('hello')
>
> Django will render this as:
>
>