Re: Android browser and csrf protection

[Ivan Uemlianin]

Dear All

Just to follow up slightly:

- iPhone and Blackberry browsers access the site properly;
- the Android browser gets the csrf errors with django 1.2 and django
1.3
- with another site I'd developed earlier on django 1.2, the Android
browser passes csrf verification properly.
- the "failing" site is on webfaction, the Working" site is on a bare
machine (centos, nginx, etc).

Does anyone have any suggestions as to what's going on?  Why should
the Android browser be behaving differently to all the others?

Best wishes

Ivan

On Oct 19, 3:17 pm, Ivan Uemlianin <ivan.llai...@gmail.com> wrote:
> Dear All
>
> I have a django webapp with a very simple login page, a form with
> username, password and the {% csrf %} tag.  The page works as expected
> when using Chrome, Firefox and Safari, but when trying to login from
> my Android phone browser, the page returns the "CRSF verification
> failed" error page (django running debug=True for the moment).
> However, I have been logged in: if I reload the page, I get the page I
> was expecting, along with the user details.
>
> eg.com/login/  #  ok, enter username "tu01", password, send
> eg.com/profile/  #  error: csrf verification failed, reload
> eg.com/profile/  #  ok, "tu01"'s homepage
>
> Has anyone else had odd behaviour like this from the Android browser?
> Can anyone suggest what might be the problem?
>
> (Haven't tested with iPhone or Blackberry yet, will do do this
> evening).
>
> With thanks and best wishes
>
> Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Android browser and csrf protection

[Ivan Uemlianin]

Dear All

I have a django webapp with a very simple login page, a form with
username, password and the {% csrf %} tag.  The page works as expected
when using Chrome, Firefox and Safari, but when trying to login from
my Android phone browser, the page returns the "CRSF verification
failed" error page (django running debug=True for the moment).
However, I have been logged in: if I reload the page, I get the page I
was expecting, along with the user details.

eg.com/login/  #  ok, enter username "tu01", password, send
eg.com/profile/  #  error: csrf verification failed, reload
eg.com/profile/  #  ok, "tu01"'s homepage

Has anyone else had odd behaviour like this from the Android browser?
Can anyone suggest what might be the problem?

(Haven't tested with iPhone or Blackberry yet, will do do this
evening).

With thanks and best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: csrf protection and testing with tsung

[Ivan Uemlianin]

Dear Malcom

Thanks very much for your help!  You were exactly right.  The
following config works (simplified for exposition).

Best wishes

Ivan




  
  





  





On Jun 21, 5:54 pm, Malcolm Box <malcolm@gmail.com> wrote:
> On 21 June 2011 16:48, Ivan Uemlianin <ivan.llai...@gmail.com> wrote:
>
> > With tsung you record a site visit (called a session) --- log in, view
> > various pages, do a few things, log out --- and tsung will then hit
> > the site with lots of randomised versions of this session.
>
> > Many of the views are csrf protected, and the automated requests tsung
> > generates don't get through the protection.  For the moment I'm just
> > commenting out the csrf middleware in settings.py, but this is
> > obviously inconvenient.
>
> I think you'll need to do some work with dyn_variable to pull the csrf
> token out of the original form and re-inject it into the post you send
> back. As far as I understand it, all that the csrf protection is is an
> opaque value hidden in any form that needs to be present in the
> submitted version to be valid. That stops "loose" posts fromCSRF
> attacks working as they don't know the magic key.
>
> Malcolm

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: csrf protection and testing with tsung

[Ivan Uemlianin]

Dear Malcolm

Thanks, this is a good clue.  I'll try it out tomorrow and report back.

Best wishes

Ivan


On 21/06/11 17:54, Malcolm Box wrote:

On 21 June 2011 16:48, Ivan Uemlianin<ivan.llai...@gmail.com>  wrote:

With tsung you record a site visit (called a session) --- log in, view
various pages, do a few things, log out --- and tsung will then hit
the site with lots of randomised versions of this session.




Many of the views are csrf protected, and the automated requests tsung
generates don't get through the protection.  For the moment I'm just
commenting out the csrf middleware in settings.py, but this is
obviously inconvenient.



I think you'll need to do some work with dyn_variable to pull the csrf
token out of the original form and re-inject it into the post you send
back. As far as I understand it, all that the csrf protection is is an
opaque value hidden in any form that needs to be present in the
submitted version to be valid. That stops "loose" posts from CSRF
attacks working as they don't know the magic key.

Malcolm




--

Ivan A. Uemlianin
Speech Technology Research and Development

i...@llaisdy.com
 www.llaisdy.com
 llaisdy.wordpress.com
 www.linkedin.com/in/ivanuemlianin

"Froh, froh! Wie seine Sonnen, seine Sonnen fliegen"
 (Schiller, Beethoven)


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

csrf protection and testing with tsung

[Ivan Uemlianin]

Dear All

I have a live(ish) django website which I'm testing with tsung.

With tsung you record a site visit (called a session) --- log in, view
various pages, do a few things, log out --- and tsung will then hit
the site with lots of randomised versions of this session.

Many of the views are csrf protected, and the automated requests tsung
generates don't get through the protection.  For the moment I'm just
commenting out the csrf middleware in settings.py, but this is
obviously inconvenient.

Has anyone used tsung on csrf-protected views?  If so, how did you do
it?

Has anyone done similar automated requests on csrf-protected views?
How?

I've read the django docs about csrf protection, but I'm not quite
clear how it works.  Can anyone point me to documentation on how it
works (and then I might be able to write something into the tsung
scripts to comply with it).

With thanks and best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE

[Ivan Uemlianin]

Dear Tom

Thanks for your comment.

My use case is a "presence"-type system.  When a user logs out their
status change is sent out to all other logged-in users (using comet).
If they just close the browser this doesn't happen.  I'm mulling over
two possible solutions:

(a) some bit of javascript that will logout the user if they close the
browser or navigate away from the site (but I don't know if you can do
the former with js; and the latter to work properly if they have other
tabs still on the site).  It requires javascript, but it's a fairly
javascript-heavy site anyway.

(b) something using SESSION_COOKIE_AGE.  Set it to a few minutes and
have something running that will logout any users with expired
sessions (and delete the session too).  Unfortunately the javascript
GET requests for the comet don't go through django, so they won't keep
the session alive.  Setting SESSION_COOKIE_AGE too low will risk
logging out against users' wishes, but setting it to much more than a
few minutes will render this solution useless.  This solution doesn't
feel right at all.

If (a) is possible I think I'll go with that.

Best

Ivan




On Jan 31, 2:42 pm, Tom Evans <tevans...@googlemail.com> wrote:
> On Mon, Jan 31, 2011 at 2:21 PM, Ivan Uemlianin <i...@llaisdy.com> wrote:
> > Dear All
>
> > Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named?  As far as I
> > can tell the setting doesn't influence the session expiry at all
> > (e.g., what happens to the django_session table on the server).  What
> > this setting seems to affect is the expiry of the *cookie* in the
> > browser.
>
> > I'm looking into a way for django to detect users no longer on the
> > site (i.e. authenticated users who rather than logout, have navigated
> > away from the site or closed their browser).  From the name, I had
> > thought this setting would be useful.  It looks like it'll be useful
> > for the client side, but for the server side it's irrelevant surely?
> > A clearer name would be something like
> > SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.
>
> > Best wishes
>
> > Ivan
>
> The result of the session cookie expiring is that the session key
> stored in that cookie is no longer retained by the browser, and
> effectively, the session has expired. Whilst I see your point, it's a
> bit pedantic and unlikely to be changed.
>
> The only way to determine if the user is still active if they do not
> actively log out is to treat them as logged in if they have an 'active
> session'. How you define 'active session' is up to you; I treat any
> unexpired session as active, and set settings.SESSION_COOKIE_AGE to
> something appropriate (2 week long sessions do not appeal to me).
> I can then answer the question "How many distinct sessions are
> currently active" (not "How many distinct users are currently active",
> nor "How many users are currently using the site").
>
> Cheers
>
> Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE

[Ivan Uemlianin]

Dear All

Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named?  As far as I
can tell the setting doesn't influence the session expiry at all
(e.g., what happens to the django_session table on the server).  What
this setting seems to affect is the expiry of the *cookie* in the
browser.

I'm looking into a way for django to detect users no longer on the
site (i.e. authenticated users who rather than logout, have navigated
away from the site or closed their browser).  From the name, I had
thought this setting would be useful.  It looks like it'll be useful
for the client side, but for the server side it's irrelevant surely?
A clearer name would be something like
SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.

Best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Pinax: worth installing?

[Ivan Uemlianin]

Dear ashdesigner

I haven't tried Pinax for a while but last time I did (June 2009) I
got the impression that it was an all-or-nothing affair.  Pinax was
marketing itself as a "social networking site in a box" and if that's
what you wanted, it was a reasonable choice.  However, it turned out
that I required only a few of the apps in pinax, and quite a few other
apps not in pinax.  After some experimenting and toing and froing, I
decided it would be much simpler to build something from scratch (of
course with django these days "from scratch" is not really from
scratch).

If someone's objective was to learn about django, I don't think Pinax
would be a good choice at all, partly because all the work has already
been done for you.  Mingus might be better for that, as it was created
as a case study of django applications working together.

I second Cal Leeming's question: can anyone point to Pinax sites in
the wild?

Best wishes

Ivan


On Jan 19, 8:37 am, Oscar Carballal  wrote:
> O Mar, 18-01-2011 ás 21:37 -0800, Gath escribiu:
>
>
>
> > Magee,
>
> > Wow! Now thats what we call a response.
>
> > You made me understand this subject more.
>
> > Thanks a lot Magee.
>
> > Gath.
>
> > On Jan 18, 5:32 pm, Russell Keith-Magee 
> > wrote:
> > > On Tue, Jan 18, 2011 at 9:43 PM, Cal Leeming [Simplicity Media Ltd]
>
> > >  wrote:
> > > > I would be interested to hear from anyone who has usedPinaxin 
> > > > production.
> > > > Although I am discouraged by the maturity (only 2 years old?), it does 
> > > > seem
> > > > to contain some useful features.
> > > > Personally, I would have liked to have seen some of these features 
> > > > merged
> > > > into the Django core, rather than forked into a separate project, but 
> > > > that's
> > > > just me.
>
> > > I think we need to clear up some misconceptions here.
> > > [...]
> > > However, for most "websitey" websites, this won't be an issue --
> > >Pinax'sconventions are, for the most part, a bunch of practices that
> > > you should probably be following anyway --Pinaxjust forces/provides
> > > the tools to help you to follow them :-)
>
> +1
>
> I tried to usepinaxfor a project I'm developing right now and after a
> while I decided to leave it and start from scratch. As Russ says,pinax
> works pretty well if your needs follow the ones established bypinax
> (social sites, intranets, etc.) but if you ever need other thing, or
> just need an application frompinax, it's a pain to do it.
>
> Pinaxteam is rewriting most of the code to meet some standard
> conventions and make the applications less attached to thepinaxmain
> code. Also, some of the bundled projects are completely outdated, though
> they work well, but if you use one of those (for example the social
> site, it's the most outdated) you'll probably need to do a lot of
> improvements on your own).
>
> If you want to trypinaxtry the development version (it's two versions
> ahead of the stable), they are doing a good work.
>
> Regards,
> Oscar Carballal

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Chat application in Django

[Ivan Uemlianin]

Dear Shamail

It depends on your host.  Serving real-time content over the web
requires a web server that can do server push (e.g., Twisted, Tornado,
ejabberd, etc.).  If your host will let you install your own web
server, you're fine.

If your host insists on apache, ... I think server push is possible
with apache, ...  If you're sharing web server resources, your hosts
might not be too friendly about your doing server push.

If you can't run these systems with your current host, try them out on
your own machine while you're looking for a new host;)

Best wishes

Ivan


On Sep 3, 3:02 pm, Shamail Tayyab  wrote:
> Hi Ivan,
>
>   This looks promising, could you also throw some light on how hosting
> friendly this set up will be?
>
> Thanks
>
> On Fri, Sep 3, 2010 at 7:13 PM, Salman (shaq) Haq  
> wrote:
>
>
>
> > Hi guys,
>
> > I am the author of a 'A simple experiment with Hookbox' (see below).
>
> > Just wanted chime in and say that Hookbox is under development right
> > now
> > but it is looking very promising. A few people have deployed chat
> > applications
> > for high traffic websites using it already. The simplicity of Hookbox
> > is a major strength.
>
> > Hotdot is based on Orbited, which is also a framework by the author of
> > Hookbox.
>
> > A new feature coming up in Hookbox is the 'private message api' which
> > allows
> > messages to be passed from one client to another client rather simply.
> > I've been following
> > the mailing and people have already started posting demo code using
> > this feature.
>
> > Hope this helps.
>
> > Best,
> > Shaq
>
> > On Sep 1, 10:05 am, yves_s  wrote:
> >> I also looking for realtime messaging for django and found this two
> >> links.
>
> >>http://www.clemesha.org/blog/realtime-web-apps-python-django-orbited-...
>
> >>http://bitshaq.com/2010/07/30/a-simple-experiment-with-hookbox/
>
> >> yves
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/django-users?hl=en.
>
> --
> Shamail Tayyab
> Blog:http://shamail.in/blog

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Chat application in Django

[Ivan Uemlianin]

Dear Shamail

As well as the resources already mentioned, I mention a few on this
comment on a similar thread in May:


http://groups.google.com/group/django-users/browse_thread/thread/6032003efcf2c2df/0575d5b54ecd5254#0575d5b54ecd5254

Hotdot (django, orbited and twisted) is good for realtime chat, and
easy to set up.  Whether Twisted is a pro or a com I leave up to you.

Speeqe is a hybrid system with django collaborating with an ejabberd
server for the realtime content.  In the long run this is probably
more robust (however, I'm afraid I haven't got round to testing it
myself).

Do let us know how you got on.

Best wishes

Ivan

On Sep 1, 3:05 pm, yves_s  wrote:
> I also looking for realtime messaging for django and found this two
> links.
>
> http://www.clemesha.org/blog/realtime-web-apps-python-django-orbited-...
>
> http://bitshaq.com/2010/07/30/a-simple-experiment-with-hookbox/
>
> yves

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: One to One chat like Facebook?

[Ivan Uemlianin]

Dear Anand

Frederico Caceres' app [1,2] is worth a look, but note that it uses
old-style repeated polling of the server.

Alex Clemesha has written an exciting piece on developing real-time
web apps with Django, Orbited and Twisted [3].  His demo application,
hotdot [4], includes a real-time chat application.

His blog also mentions Speeqe [5], which is a chat application
integrating Django and ejabberd, the erlang xmpp server.

Let us know how you get on.

Best wishes

Ivan

[1]  
http://pythonhaven.wordpress.com/2009/07/13/django-powered-ajax-chat-%E2%80%93-part-2/
[2]  
http://llaisdy.wordpress.com/2009/10/13/adding-a-django-application-to-pinax/
[3]  
http://www.clemesha.org/blog/2009/dec/17/realtime-web-apps-python-django-orbited-twisted/
[4]  http://clemesha.org/projects/hotdot/
[5]  http://code.stanziq.com/speeqe


On May 16, 11:13 am, Anand Agarwal  wrote:
> Hi All
>
> Is there any chat application in django similar to facebook chat?
>
> Regards
> Anand
> Got an Idea? BootStrap it Today!!
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: django with mod_wsgi on centos

[Ivan Uemlianin]

@Graham see my reply this morning to your post on the modwsgi list:

http://groups.google.com/group/modwsgi/browse_thread/thread/a157d0eba50b826a

@Sam I didn't change the home directory permissions on either machine:
they seem to have different default settings (775 on ubuntu, 700 on
centos).

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: django with mod_wsgi on centos

[Ivan Uemlianin]

Dear All

The nginx/fastcgi set up is now working (there's an easy-to-follow
howto on the django advent site [1]).

Embarrasingly I may have stumbled upon what was getting me 403s with
mod_wsgi, and it's nothing to do with apache or mod_wsgi.  After
setting up nginx with fastcgi I got the same 403.  Although the
"mysite" directory and everything under it had permissive permissions,
the user's home directory was 700:

/home/siteuser/mysite/775
/home/siteuser/   700

I changed the latter to 775 to and everything went smoothly.  I didn't
test it but apache/mod_wsgi will probably work too now.  Doh!

@Tom thanks for your suggestion.  When I used to use apache (LOL) I
would generally have the django app outside of DocumentRoot.  I think
changing permissions as above would fix things.  Otherwise I don't see
why an apache config set up that works on ubuntu would raise 403s on
centos (just checked: on the ubuntu machine /home/siteuser/ was 775).

Best wishes

Ivan

[1]  http://djangoadvent.com/1.2/deploying-django-site-using-fastcgi/

On May 10, 10:25 am, Tom Evans <tevans...@gmail.com> wrote:
> On Mon, May 10, 2010 at 9:39 AM, Ivan Uemlianin <i...@llaisdy.com> wrote:
> > Dear Kenneth
>
> > Thanks for your suggestion.
>
> > I tried
>
> >    $ chmod -R a+x mysite
>
> > (where mysite is the django site directory)
>
> > and stopped and started apache, but no effect.
>
> > I'm finding nginx a lot easier to work with than apache, especially
> > CentOS' apache.  My plan now is to get rid of apache altogether and
> > have nginx talk to django directly via fastcgi (e.g., [1]) (will also
> > give me an excuse to try out git instead of svn).  If you don't hear
> > back from me in a day or two, it worked.
>
> > With thanks and best wishes
>
> > Ivan
>
> > [1]  http://code.djangoproject.com/wiki/ServerArrangements#nginx
>
> Good luck with setting up your pure nginx configuration. Your apache
> configuration did not work because you had not granted apache access
> to the required on disk folders.
>
> You didn't mention this in your configuration, but you must allow
> access to your DocumentRoot in your vhost:
>
> 
>   ServerName foo
>   DocumentRoot /path/to/foo/htdocs
>   
>     Order allow,deny
>     Allow from all
>   
>   WSGIScriptAlias /app/ /path/to/foo/run/app.wsgi
> 
>
> Cheers
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: django with mod_wsgi on centos

[Ivan Uemlianin]

Dear Kenneth

Thanks for your suggestion.

I tried

$ chmod -R a+x mysite

(where mysite is the django site directory)

and stopped and started apache, but no effect.

I'm finding nginx a lot easier to work with than apache, especially
CentOS' apache.  My plan now is to get rid of apache altogether and
have nginx talk to django directly via fastcgi (e.g., [1]) (will also
give me an excuse to try out git instead of svn).  If you don't hear
back from me in a day or two, it worked.

With thanks and best wishes

Ivan

[1]  http://code.djangoproject.com/wiki/ServerArrangements#nginx


On May 8, 4:26 pm, Kenneth Gonsalves <law...@au-kbc.org> wrote:
> On Saturday 08 May 2010 20:32:51 Ivan Uemlianin wrote:
>
> > Can anyone suggest to me which permissions I need to change and to
> > what?  Presumably read/write permissions to some file or directory but
> > which one(s)?
>
> I do not know whether this will help, but I have seen permission denied errors
> in mandriva and fedora when the relevant directories/files are not executable
> by all. Maybe a chmod a+x would help.
> --
> Regards
> Kenneth Gonsalves
> Senior Associate
> NRC-FOSS at AU-KBC
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

django with mod_wsgi on centos

[Ivan Uemlianin]

Dear All

I know this is strictly speaking off topic, so please forgive me.  I 
have asked at the mod_wsgi list.


On an Ubuntu machine I have a working django site, using nginx, apache 
and mod_wsgi.  Now I am having to install the site on a CentOS machine.  
Everything is working, apart form one thing: apache is returning 403 
permission denied when I try to access the wsgi script.


I have carefully followed the mod_wsgi installation and configuration 
instructions, and scoured the blogs, forums, and wikis of the web.  I 
have tried many things, but nothing will shift that 403. 

Below is a summary of the install and config steps I took and the fixes 
I've tried.  Can anyone suggest anything I've missed?


Can anyone suggest to me which permissions I need to change and to 
what?  Presumably read/write permissions to some file or directory but 
which one(s)?


Please let me know if you need more information.

Can anyone help? Unfortunately, I think we have to stick with CentOS.

With apologies, thanks and best wishes

Ivan

* What I did

As CentOS uses python 2.4, I installed python 2.6 into /opt.  I compiled 
from source using the following configure:


   ./configure --prefix=/opt --enable-ipv6 --with-threads --enable-shared

I made the libpython so available

$ cd /opt/lib/python2.6/config
$ ln -s ../../libpython2.6.so .

$ cat >> /etc/ld.so.conf.d/opt-python2.6.conf
/opt/lib
^D
$ ldconfig

$ cp /etc/ld.so.conf.d/opt-python2.6.conf /etc/ld.so.conf.d/python2.6.conf
(added later; just in case)

When compiling mod_wsgi from source I used the following configure:

   ./configure --with-python=/opt/bin/python

The resulting mod_wsgi.so is about 395k and is loading the python so:

# ls -l mod_wsgi.so
-rwxr-xr-x 1 root 385009 Apr 29 11:44 mod_wsgi.so
# ldd mod_wsgi.so
   libpython2.6.so.1.0 => /opt/lib/libpython2.6.so.1.0 
(0x2b249eec)

   libpthread.so.0 => /lib64/libpthread.so.0 (0x2b249f26f000)
   libdl.so.2 => /lib64/libdl.so.2 (0x2b249f48a000)
   libutil.so.1 => /lib64/libutil.so.1 (0x2b249f68f000)
   libm.so.6 => /lib64/libm.so.6 (0x2b249f892000)
   libc.so.6 => /lib64/libc.so.6 (0x2b249fb15000)
   /lib64/ld-linux-x86-64.so.2 (0x003dd100)

The django app and its django_wsgi.py wgi script are outside of document 
root.  django_wsgi.py has permissions 755, as does its containing directory.


Here are some relevant apache configs I'm using:

NameVirtualHost *:8080
Listen 127.0.0.1:8080

LoadModule  wsgi_module  modules/mod_wsgi.so
AddHandler wsgi-script  .wsgi
WSGISocketPrefix  run/wsgi

WSGIPythonHome  /home/path/to/py26/sys/prefix


   # ...
   WSGIScriptAlias  /  /path/to/django/app/apache/django_wsgi.py

   
   Order deny,allow
   Allow from all
   



The error in apache's error logs is just:

[error] [client 127.0.0.1] (13)Permission denied: access to / denied

And it's the same error with LogLevel set to info.

I have tried disabling selinux: no effect.
I have tried switching the CentOS machine off and on again: no effect.
I have tried the example wsgi script in the mod_wsgi wiki quick 
configuration page: still a 403.
I have not tried daemon mode: sounds good but doesn't look like it would 
address my current problem.





--

Ivan A. Uemlianin
Speech Technology Research and Development

   i...@llaisdy.com
www.llaisdy.com
llaisdy.wordpress.com
www.linkedin.com/in/ivanuemlianin

   "Froh, froh! Wie seine Sonnen, seine Sonnen fliegen"
(Schiller, Beethoven)


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

django-simplepages "stable"?

[Ivan Uemlianin]

Dear All

I need a basic CMS and django-simplepages looks like it should fit the
bill.  I notice it hasn't had any changes since Aug 2008, or issues
posted since Feb 2009.  Does this mean it's "stable" or "broken"?  Is
anyone using it?

I've noticed an error in simplepages/models.py:

 5from django import forms
  ...
35class HTMLTextField(forms.TextField):
  ...

django.forms has no TextField.  I'm thinking of changing it to
forms.CharField.

Does anyone have (recent) experience of using simplepages?  Is it
bascially usable, or is it full of holes?

Thanks and best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Creating sample users for testing

[Ivan Uemlianin]

Dear Dave

Thanks, that does look useful.  Seeing Ian's solution I was wondering
if I could manage.py in some way.

Best wishes

Ivan

On Mar 23, 4:55 pm, Dave Murphy <d...@schwuk.com> wrote:
> On Mon, Mar 22, 2010 at 12:26 PM, Ivan Uemlianin <i...@llaisdy.com> wrote:
>
> > I'm now thinking a fixture might not be the right way to go: it might
> > be better to have a little script to add users once syncdb is done.
> > As well as allowing me to provide plain text passwords, I could easily
> > add site-specific attributes when I need them (dave.favourite_colour =
> > 'orange'; bob.online = True, etc).
>
> > Is that second method just reinventing the fixture, or is it more
> > appropriate here?
>
> It depends if you're going to be doing this more than once. If it's only
> once, then maybe a fixture is good enough. If you're going to be doing this
> more than once, and tweaking things over time then there's nothing wrong
> with a custom script. I chose the latter for my recent version of this
> dilemma, and I'm quite happy with it.
>
> You might be interested in custom management commands:
>
>  *http://docs.djangoproject.com/en/1.1/howto/custom-management-commands...
>
> --
> Dave Murphyhttp://schwuk.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: How to set a prompt for a choiceField?

[Ivan Uemlianin]

Very sorry everybody: I googled around tons, but I didn't search this
group! LOL.  I'll know next time.

Adding an "invalid" choice to a ChoiceField?
http://groups.google.com/group/django-users/browse_thread/thread/dd6d8eb11f915c94/77aa6fbea94af4c4?lnk=gst=choicefield#77aa6fbea94af4c4

This works:

 colours = (('','Please choose a colour:'),('r','Red'),
('g','Green'),('b','Blue))
 # ...
 fave_colour = forms.ChoiceField(choices=colours)

Django's automagical form validation means the form cannot be
submitted without choosing a colour, and somehow (because empty string
always sorts before anything else?) the 'invalid' choice is displayed
by default and can act as a prompt.

Thanks (for the facility), apologies and best wishes

Ivan


On Mar 23, 2:56 pm, Ivan Uemlianin <i...@llaisdy.com> wrote:
> Dear All
>
> I have a choiceField in one of my forms, and I'd like to have it
> rendered displaying a prompt.  I think the html would be something
> like this:
>
>     
>         Please choose a colour:
>         Red
>         Green
>         Blue
>     
>
> This would display a drop-down menu showing "Please choose a colour:".
>
> The form field would be something like this:
>
>     colours = (('r','Red'),('g','Green'),('b','Blue))
>     # ...
>     fave_colour = forms.ChoiceField(choices=colours)
>
> The problem is, this displays one of the choices.  I'd much prefer a
> prompt (in fact for our application, displaying one of the choices, as
> if it were a kind of 'default', is not at /all/ appropriate).
>
> I've tried
>
>     fave_colour = forms.ChoiceField(label="Please choose a colour:"
>                                     choices=colours)
>
> and
>
>     fave_colour = forms.ChoiceField(initial="Please choose a colour:"
>                                     choices=colours)
>
> and I've scoured the net for clues, but found nothing which works.
>
> Please can anyone here help me work out how to do this with
> django.forms?
>
> With thanks and best wishes
>
> Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

How to set a prompt for a choiceField?

[Ivan Uemlianin]

Dear All

I have a choiceField in one of my forms, and I'd like to have it
rendered displaying a prompt.  I think the html would be something
like this:


Please choose a colour:
Red
Green
Blue


This would display a drop-down menu showing "Please choose a colour:".

The form field would be something like this:

colours = (('r','Red'),('g','Green'),('b','Blue))
# ...
fave_colour = forms.ChoiceField(choices=colours)

The problem is, this displays one of the choices.  I'd much prefer a
prompt (in fact for our application, displaying one of the choices, as
if it were a kind of 'default', is not at /all/ appropriate).

I've tried

fave_colour = forms.ChoiceField(label="Please choose a colour:"
choices=colours)

and

fave_colour = forms.ChoiceField(initial="Please choose a colour:"
choices=colours)

and I've scoured the net for clues, but found nothing which works.

Please can anyone here help me work out how to do this with
django.forms?

With thanks and best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Creating sample users for testing

[Ivan Uemlianin]

Dear Ian

That's great!  Exactly my use case.  Thanks very much for your help.

Best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Creating sample users for testing

[Ivan Uemlianin]

Dear All

I'd like to create a bunch of sample users for testing a django
website.  I was going down the road of using an initial_data fixture,
but there seem to be a couple of problems with this:

- Can I supply partial data in initial_data, i.e. only auth.user info
(at the moment, username and password, and it seems to require last
login)?  When I do this, syncdb persists in asking me for an admin
user (even when the previously given admin user still works).

- How should I specify the password field in the fixture?  dumpdata
outputs a hash.  Do I need to write some script to generate hashes
from given passwords?

I'm now thinking a fixture might not be the right way to go: it might
be better to have a little script to add users once syncdb is done.
As well as allowing me to provide plain text passwords, I could easily
add site-specific attributes when I need them (dave.favourite_colour =
'orange'; bob.online = True, etc).

Is that second method just reinventing the fixture, or is it more
appropriate here?

Thanks and best wishes

Ivan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Where is csrf middleware for Django 1.1.1?

[Ivan Uemlianin]

Dear All

I am trying to locate the csrf middleware.  I have Django 1.1.1 but it
doesn't seem to have the module as documented [1]:

$ python manage.py shell
>>> import django
>>> django.VERSION
(1, 1, 1, 'final', 0)
>>> import django.contrib.csrf.middleware.CsrfMiddleware
Traceback (most recent call last):
  File "", line 1, in 
ImportError: No module named CsrfMiddleware
>>> import django.contrib.csrf.middleware.CsrfViewMiddleware
Traceback (most recent call last):
  File "", line 1, in 
ImportError: No module named CsrfViewMiddleware
>>> import django.contrib.csrf.middleware.CsrfResponseMiddleware
Traceback (most recent call last):
  File "", line 1, in 
ImportError: No module named CsrfResponseMiddleware
>>> import django.contrib.csrf.middleware
>>>

Please can anyone help me resolve this problem?

Best wishes

Ivan


[1] csrf for 1.1
http://docs.djangoproject.com/en/1.1/ref/contrib/csrf/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django and chat

[Ivan Uemlianin]

Xiong

Thanks for your comment.  Good questions.

I envisage a social networking website, based on Django.  The website
will provide a chat facility for users who are logged in: multi-user
chatrooms and private chat (I has been thinking of 1-to-1 as a special
case of multi-user).  Django-integration because certain chat
functions might have to access Django-centric information (eg
different types of user displayed differently; perhaps a django
moderation module).

If there is a standard embeddable thingamajig, that may well be the
way to go.  Can you recommend any that would fit the above usage?

Best

Ivan

> Are you looking for a multi-user chatroom, or private chat?  I'm
> guessing you want the first, but you included a jabber client in there
> as well, which, to my knowledge, only supports 1-to-1 conversations.
>
> The approach I've seen for most sites is to have a web interface to an
> irc room, so that you can chat without having an irc client, or with
> one, if you prefer.  I know that Rizon just announced an embeddable
> client for their network, and a quick google finds all sorts of
> different embeddable clients.  What specifically do you need Django-
> integration for, as opposed to a standard java/javascript embeddable
> thingamajig?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Django and chat

[Ivan Uemlianin]

Dear All

I am looking into using or developing a chat application for Django,
for use in a social networking website based on the Pinax Django
"distribution".

I have searched for django-based chat applications and found very
little.  Below I list briefly what I've found.  Please could anyone
let me know if I've missed any significant projects.

There seem to be two very different kinds of technology being used in
these projects.  Some of the projects (eg django-chat) use the "same
old" approach of repeatedly polling the server at regular intervals
that lightweight chat apps in other languages use; some of the
projects use the comet approach (eg with orbited).

Is it worth using/developing a chat app using the old-fashioned
approach?  Is comet better for all circumstances?

My instinct is to try and get django-chat on its feet: stable and
documented.  If it turns out that approach is not up to my needs, I'll
turn to something using comet.

Projects I've found:

* django-chat
  http://code.google.com/p/django-chat/
  little documentation, but seems to work (with a strange intermittent
bug)

* evserver
  http://code.google.com/p/evserver/
  http://popcnt.org/2008/01/django-evserver-asynchronous-server-for.html
  http://popcnt.org/2007/12/asynchronous-django-responses-comet-yes.html
  evserver is

* Various projects based on Orbited
  http://orbited.org/
  - Orbited tutorials (http://orbited.org/wiki/Tutorials/)
  - willowchat (http://willowchat.org/)
  - Django, Comet and IRC client (http://www.rkblog.rk.edu.pl/w/p/
django-comet-and-irc-client/)
  includes a simple chat application:
http://evserver.googlecode.com/svn/trunk/evserver/examples/django_chat/

* django-jchat
  http://code.google.com/p/django-jchat/
  description, no documentation

* djangochat
  http://github.com/dmm/djangochat/tree/master
  "Django-based jabber client app"
  no documentation

Thanks and best wishes

Ivan


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---