[google-appengine] asking for the python debugger
Hi, I really would like to use pdb as my main way to debug an old app that I received from a third-party. Does it have a way to enable it by modifying the dev server code? Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Dynamically Choosing Which Properties to Write to the Datastore
Has anyone tried to dynamically select which properties they want to write to an entity on appengine? For example: I have a web form with 5 fields, and any given user will fill out some subset of those fields. I POST only the fields with data to the server (e.g. Fields 1,2,4). On the server side, how do I elegantly write only properties 1,2, and 4? The Model class has a function that returns a dictionary of property names (Model.properties()), but how would I use it to select property names? In SQL, I would build an INSERT or UPDATE statement by matching the fields POSTed against the Model.properties() dictionary. I read trunk/ google/appengine/ext/db/init.py which seemed to confirm that there is no way to refer to the properties as a group. Am I approaching this the wrong way? Anyone know of a workaround? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Dynamically Choosing Which Properties to Write to the Datastore
You can get the form data through self.request.get(name) and give the object proper property. for example, in the html form action=/submit method=post input name=a input name=b input type=submit value=Post /form in the server side, you write, class Submit(webapp.RequestHandler): def post(self): a = self.request.POST.get('a') b = self.request.POST.get('b') object = Object() object.a=a object.b=b object.put() On Fri, Jan 23, 2009 at 4:48 PM, David Kamenetz kamene...@yahoo.ca wrote: Has anyone tried to dynamically select which properties they want to write to an entity on appengine? For example: I have a web form with 5 fields, and any given user will fill out some subset of those fields. I POST only the fields with data to the server (e.g. Fields 1,2,4). On the server side, how do I elegantly write only properties 1,2, and 4? The Model class has a function that returns a dictionary of property names (Model.properties()), but how would I use it to select property names? In SQL, I would build an INSERT or UPDATE statement by matching the fields POSTed against the Model.properties() dictionary. I read trunk/ google/appengine/ext/db/init.py which seemed to confirm that there is no way to refer to the properties as a group. Am I approaching this the wrong way? Anyone know of a workaround? -- Stay hungry,Stay foolish. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: asking for the python debugger
Hi Mat, I'm using pdb with success. 1. in SDK comment out line: sys.meta_path = [hook] in dev_appserver.py (Warning: this will disable hardened production-like environment dev_appserver provides for your local app!) 2. use following code to put trace in your app: def b(): import pdb, sys sys.__stdout__.write('\a') sys.__stdout__.flush() debugger = pdb.Pdb(stdin=sys.__stdin__, stdout=sys.__stdout__) debugger.set_trace(sys._getframe().f_back) I have this function dbg module and small textmate snippet which puts: import dbg;dbg.b() # where you want breakpoint regards, Antonin Note: once I was able to use pdb without global sys.meta patch by temporarily patching sys.meta in my main handler. This doesn't work for me anymore (maybe some caching issues or some newly hardened parts got into the way, I don't know I'm not a python pro) You may also check FirePython for aid in debugging your app: http://github.com/darwin/firepython/tree/master On Jan 24, 7:48 am, Mat matdrap...@gmail.com wrote: Hi, I really would like to use pdb as my main way to debug an old app that I received from a third-party. Does it have a way to enable it by modifying the dev server code? Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] two paging problems
I've read the discussion about paging and have post some problems. But I still have some problems. If I builds index by myself, I cannot index the search result. And if I have built index for an object and delete one instance of an object, the index will be broken. If I use the GAE Paginator class (http://appengine- cookbook.appspot.com/recipe/gae-paginator-class/? id=ahJhcHBlbmdpbmUtY29va2Jvb2tyjgELEgtSZWNpcGVJbmRleCI4YWhKaGNIQmxibWRwYm1VdFkyOXZhMkp2YjJ0eUZBc1NDRU5oZEdWbmIzSjVJZ1pFYW1GdVoyOE0MCxIGUmVjaXBlIjlhaEpoY0hCbGJtZHBibVV0WTI5dmEySnZiMnR5RkFzU0NFTmhkR1ZuYjNKNUlnWkVhbUZ1WjI4TTcM) Then how to deal with the 1000 result limit in GAE? I cannot page if I have more than 1000 result. I can write my new paging class, but wish you can give me some advice.Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Application registration issue
Well I just logged into http://appengine.google.com/a/0gravity.co.uk and saw the application sitting there. So even though I was logged in with a different google account it got shoved there. Least it's working but really not sure why it did that. Most odd?! On Jan 24, 9:31 am, Alistair alist...@0gravity.co.uk wrote: Hi there, I signed up to Google App Engine and did the sms verification which was completed successfully. I then selected an application name which, in theory, was accepted as it was available. After submitting I was taken straight back to the application registration page which was odd and now the app name that I selected is no longer available. Can't find any way to get to the control panel as it forces me to /start/ thinking I have no apps available? Not sure what to do now, am guessing that google might need to have a look into it? Appreciate anyone's advice on this though! Cheers, Alistair --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Application registration issue
I have had a torturous time with the SMS verification process, using several phone numbers and different Premiere Edition accounts. Currently I have three App Engine subdomains uploaded, but to the wrong Standard Edition Account. I can upload to the subdomains and use them, but they don't show under any of my active Standard Edition or Premiere Edition accounts. The telephone numbers I used to get the verification codes are no longer workable, so I can't use my cell or land line. I can get into the dashboards for each of the App Engine subdomain names even though these names appear nowhere in any of the accounts I use. So, I am using a Standard Edition user id and password to upload a Premiere Edition capability (App Engine), the result of which appears in none of my active accounts, but which work perfectly when I use the proper URLs, and I have expended my telephone accounts to get to this state of affairs.. I challenge anyone to top this for crazy. On Sat, Jan 24, 2009 at 7:17 AM, Alistair alist...@0gravity.co.uk wrote: Well I just logged into http://appengine.google.com/a/0gravity.co.uk and saw the application sitting there. So even though I was logged in with a different google account it got shoved there. Least it's working but really not sure why it did that. Most odd?! On Jan 24, 9:31 am, Alistair alist...@0gravity.co.uk wrote: Hi there, I signed up to Google App Engine and did the sms verification which was completed successfully. I then selected an application name which, in theory, was accepted as it was available. After submitting I was taken straight back to the application registration page which was odd and now the app name that I selected is no longer available. Can't find any way to get to the control panel as it forces me to /start/ thinking I have no apps available? Not sure what to do now, am guessing that google might need to have a look into it? Appreciate anyone's advice on this though! Cheers, Alistair --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Dynamically Choosing Which Properties to Write to the Datastore
Hmm...I'm not sure how to use your suggestion. Maybe if I make my question more specific it will help. My html looks something like this: form method=POST action=. enctype=multipart/form-data Title: input type=text name=title/ Text: input type=text name=txt/ Image: input type=file name=imgfile/ input type=submit/ /form If I were writing every field, every time, my python (Django) would look something like this: if request.POST: formitem = TestModel() formitem.title = request.POST.get('title', '') formtem.txt = request.POST.get('txt', '') if request.FILES['imgfile']: formitem.img = request.FILES['imgfile'].read() formitem.put() However, if the user only enters/changes, say, the txt field on the form I only POST the txt field to the server. I don't send all the fields. My POST only has data for txt. If I use the code above on an existing entity, it will erase the title property (formitem.title). Is there an elegant way to write only the txt element to the txt property? If we were working with SQL, we could do something roughly like this: dctPOST = request.POST strSQL1 = INSERT INTO testmodel ( strSQL2 = VALUES ( for k, v in dctPOST.iteritems(): strSQL1 += , %s % (k) strSQL2 += , %s % (v) strSQL = strSQL1 + ) + strSQL2 + ) Then execute the SQL. On other RDBMS platforms, there would probably be a collection of fields that we could reference like this: table (strFieldName)=value. Basically, I want write access to model properties by name or some other dictionary-like reference (Model.properties() is read only). Am I approaching this problem the wrong way on appengine, or is this a limitation? Thanks, David On Jan 24, 7:33 am, kang areyouloo...@gmail.com wrote: You can get the form data through self.request.get(name) and give the object proper property. for example, in the html form action=/submit method=post input name=a input name=b input type=submit value=Post /form in the server side, you write, class Submit(webapp.RequestHandler): def post(self): a = self.request.POST.get('a') b = self.request.POST.get('b') object = Object() object.a=a object.b=b object.put() On Fri, Jan 23, 2009 at 4:48 PM, David Kamenetz kamene...@yahoo.ca wrote: Has anyone tried to dynamically select which properties they want to write to an entity on appengine? For example: I have a web form with 5 fields, and any given user will fill out some subset of those fields. I POST only the fields with data to the server (e.g. Fields 1,2,4). On the server side, how do I elegantly write only properties 1,2, and 4? The Model class has a function that returns a dictionary of property names (Model.properties()), but how would I use it to select property names? In SQL, I would build an INSERT or UPDATE statement by matching the fields POSTed against the Model.properties() dictionary. I read trunk/ google/appengine/ext/db/init.py which seemed to confirm that there is no way to refer to the properties as a group. Am I approaching this the wrong way? Anyone know of a workaround? -- Stay hungry,Stay foolish. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: asking for the python debugger
Hi Antonin, when I am commenting the line suggested in the dev_appserver.py, I get the following error message: File /home/mat/prog/google_appengine/google/appengine/tools/ dev_appserver.py, line 782, in __init__ raise IOError(errno.EACCES, 'file not accessible') IOError: [Errno 13] file not accessible In the gae sdk version 1.1.8, the line 782 refers to the init function of a fake file. Should I bypass completely the test for a fake file? If so, I get version conflicts with other libs. This is getting really annoying, I really don't understand why pdb is not available for the DEV side! Thanks, Mat On Jan 24, 8:40 am, Antonin Hildebrand antonin.hildebr...@gmail.com wrote: Hi Mat, I'm using pdb with success. 1. in SDK comment out line: sys.meta_path = [hook] in dev_appserver.py (Warning: this will disable hardened production-like environment dev_appserver provides for your local app!) 2. use following code to put trace in your app: def b(): import pdb, sys sys.__stdout__.write('\a') sys.__stdout__.flush() debugger = pdb.Pdb(stdin=sys.__stdin__, stdout=sys.__stdout__) debugger.set_trace(sys._getframe().f_back) I have this function dbg module and small textmate snippet which puts: import dbg;dbg.b() # where you want breakpoint regards, Antonin Note: once I was able to use pdb without global sys.meta patch by temporarily patching sys.meta in my main handler. This doesn't work for me anymore (maybe some caching issues or some newly hardened parts got into the way, I don't know I'm not a python pro) You may also check FirePython for aid in debugging your app:http://github.com/darwin/firepython/tree/master On Jan 24, 7:48 am, Mat matdrap...@gmail.com wrote: Hi, I really would like to use pdb as my main way to debug an old app that I received from a third-party. Does it have a way to enable it by modifying the dev server code? Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: asking for the python debugger
Hi Antonin, when I am commenting the line suggested in the dev_appserver.py, I get the following error message: File /home/mat/prog/google_appengine/google/appengine/tools/ dev_appserver.py, line 782, in __init__ raise IOError(errno.EACCES, 'file not accessible') IOError: [Errno 13] file not accessible In the gae sdk version 1.1.8, the line 782 refers to the init function of a fake file. Should I bypass completely the test for a fake file? If so, I get version conflicts with other libs. This is getting really annoying, I really don't understand why pdb is not available for the DEV side! Thanks, Mat On Jan 24, 8:40 am, Antonin Hildebrand antonin.hildebr...@gmail.com wrote: Hi Mat, I'm using pdb with success. 1. in SDK comment out line: sys.meta_path = [hook] in dev_appserver.py (Warning: this will disable hardened production-like environment dev_appserver provides for your local app!) 2. use following code to put trace in your app: def b(): import pdb, sys sys.__stdout__.write('\a') sys.__stdout__.flush() debugger = pdb.Pdb(stdin=sys.__stdin__, stdout=sys.__stdout__) debugger.set_trace(sys._getframe().f_back) I have this function dbg module and small textmate snippet which puts: import dbg;dbg.b() # where you want breakpoint regards, Antonin Note: once I was able to use pdb without global sys.meta patch by temporarily patching sys.meta in my main handler. This doesn't work for me anymore (maybe some caching issues or some newly hardened parts got into the way, I don't know I'm not a python pro) You may also check FirePython for aid in debugging your app:http://github.com/darwin/firepython/tree/master On Jan 24, 7:48 am, Mat matdrap...@gmail.com wrote: Hi, I really would like to use pdb as my main way to debug an old app that I received from a third-party. Does it have a way to enable it by modifying the dev server code? Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: asking for the python debugger
Ah, you are right. I've also disabled external file checking: --- google/appengine/tools/dev_appserver.py (revision 35) +++ google/appengine/tools/dev_appserver.py (working copy) @@ -749,6 +749,7 @@ Returns: True if the file is accessible, False otherwise. +return True logical_filename = normcase(os.path.abspath(filename)) And for my further needs I've also enabled socket module and commented out MAX_RUNTIME_RESPONSE_SIZE limit. Attaching full patch. regards, Antonin On Sat, Jan 24, 2009 at 6:26 PM, Mat matdrap...@gmail.com wrote: Hi Antonin, when I am commenting the line suggested in the dev_appserver.py, I get the following error message: File /home/mat/prog/google_appengine/google/appengine/tools/ dev_appserver.py, line 782, in __init__ raise IOError(errno.EACCES, 'file not accessible') IOError: [Errno 13] file not accessible In the gae sdk version 1.1.8, the line 782 refers to the init function of a fake file. Should I bypass completely the test for a fake file? If so, I get version conflicts with other libs. This is getting really annoying, I really don't understand why pdb is not available for the DEV side! Thanks, Mat On Jan 24, 8:40 am, Antonin Hildebrand antonin.hildebr...@gmail.com wrote: Hi Mat, I'm using pdb with success. 1. in SDK comment out line: sys.meta_path = [hook] in dev_appserver.py (Warning: this will disable hardened production-like environment dev_appserver provides for your local app!) 2. use following code to put trace in your app: def b(): import pdb, sys sys.__stdout__.write('\a') sys.__stdout__.flush() debugger = pdb.Pdb(stdin=sys.__stdin__, stdout=sys.__stdout__) debugger.set_trace(sys._getframe().f_back) I have this function dbg module and small textmate snippet which puts: import dbg;dbg.b() # where you want breakpoint regards, Antonin Note: once I was able to use pdb without global sys.meta patch by temporarily patching sys.meta in my main handler. This doesn't work for me anymore (maybe some caching issues or some newly hardened parts got into the way, I don't know I'm not a python pro) You may also check FirePython for aid in debugging your app:http://github.com/darwin/firepython/tree/master On Jan 24, 7:48 am, Mat matdrap...@gmail.com wrote: Hi, I really would like to use pdb as my main way to debug an old app that I received from a third-party. Does it have a way to enable it by modifying the dev server code? Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~--- r35.patch Description: Binary data
[google-appengine] Re: is gaeutilities sessions the only 3rd party session manager?
Maybe store a secure token locally on gears or flash, then send one time token by javascript. But the initial token still need to be delivered by ssl. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: is gaeutilities sessions the only 3rd party session manager?
The problems I see what that approach is: - 1 time token can be sniffed. We have limited ssl support with appengine which is why the session token client side needs to change. - Relying on gears, flash, or even javascript creates client side dependencies. gaeutilities already has a dependency on cookies because it's low enough level trying to create a way to append the session token to all requests for all applications wasn't really possible. Though I do have plans to expose the session token via some method to provide an opportunity for people to do that. Adding more dependencies is something I want to avoid. On Jan 24, 12:57 pm, yejun yej...@gmail.com wrote: Maybe store a secure token locally on gears or flash, then send one time token by javascript. But the initial token still need to be delivered by ssl. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] SDK as a cache ?
Hi, I was just thinking that once you have the code on the SDK that allows you to have a local datastore, wouldn't be nice to have a magic piece of code to link this local datastore to a global one ? This way the local datastore would act as a data cache for the global datastore and it would allow your web apps to work offline. A kind of specialized google gears ... but transparent for the web app !. You would code your app independently of how is it going to be used. Of course there is a a lot of synchronization problems, for exemple, the fact that if you load an entity that has a reference to another one, and then you lost your connection ... you cannot use that reference. But then again, that would be exactly the work of that great magic piece of code. Just adding noise to the system ... ;-) Nacho --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: SDK as a cache ?
Performance of the local datastore is *slow* if you have 1000's of objects. Some applications have millions of objects in Bigtable. The local datastore is just to try your datamodel on a very small subset of the actual data. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Having problems posting to the AppEngine Cookbook
I just tried to write my first recipe on the Cookbook. I ran into the following problems: 1) I can't attach a .py. I got a message saying I can only attach text/scripts (when that's what I was attaching). 2) There was no warning that the recipe posted anyway. Afraid that I lost all that typing, I went back one page and attempted to attach the script again. I ended up with a duplicate post. 3) My post appears correctly in Edit my recipes, but is corrupted when actually viewing. Notice that halfway through the jinja_helper.py section, the body of my recipe is repeated. The offending character seems to be the in while len(output) 6: Replacing the with lt; breaks up the pre tag. http://appengine-cookbook.appspot.com/recipe/upgrade-the-django-templating-system-to-jinja2/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: hiding private key
I'm not sure what you mean, so I'll simply restate what I believe is the situation and how I would handle it. You need to put some private info into a .py file that will be part of your App Engine app, similar to a config.py. When your app runs, it will need access to the private code in this .py file, which can be done by a simple python import. The problem: You also want to make the source files for your app available in a public svn repository. The solution: On your local machine, you put the private key into some file, call it private.py. Your main.py or some other publicly- released code will import private.py. You want this private.py to be on your local machine and in the App Engine cloud, but NOT in the public svn repository. So, all you have to do is set the svn:ignore property to ignore private.py. This means private.py is not under revision control and won't be committed to the public svn repository. The private.py file will be on your local machine and when you appcfg.py update, the script will see private.py and put it in the cloud as well. Just make sure you keep a backup of the code separate from the svn repository (or keep private.py a one-liner), because if your local machine's disk crashes, you won't have a backup in the public svn repo for private.py. -Bill On Jan 24, 6:25 am, thebrianschott schott.br...@gmail.com wrote: Bill, So, you are not suggesting that Dave's recommendation to NOT put my secret file in the material committed to the appspot, because it would be available to anyone on the web, right? But you are saying that if I learn to write a little script that pulls my secret key [see the quote from Dave, below], then the ignore feature would work nicely for the little script and the tiny.py file Dave mentions. And I agree that the ignore would be dandy and I appreciate your jumping in here. I sure wish such a little script and tiny .py file example existed for me to adapt, because I'm very shaky on python programming, especially creating (,linking) and editing existing editable source files. [Below is a quote from Dave's earlier message in the thread] Okay, I see where you're coming from. Your best bet is probably to auto-generate or manually edit a tiny .py file that you don't check in to SVN (or maybe check in a secret-key.py.template with the key replaced with InsertKeyHere). Then you could write a little script that pulls your real secret key from a file on your own computer before uploading your app. [Above is a quote from Dave's earlier message in the thread] On Jan 24, 1:35 am, Bill billk...@gmail.com wrote: Brian, If you plan on storing thekeyin a file, I would suggest using the svn:ignore feature:http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.advanced.props.s... You can tell svn to not check in any file that matches yourprivate filename. Just let your collaborators know they're supposed to add their version of theprivatefile after svn checkout. -Bill On Jan 23, 8:21 pm, thebrianschott schott.br...@gmail.com wrote: Dave, Thank you for clarifying that. I guess I would have to put thekey into the datastore, but that may not be practical for me either. I have not decided yet how much access to the datastore I will give users of my app, yet. I don't think they need any, but I cannot be sure now. In any case, thanks again for sticking with this discussion. Brian in Atlanta --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Custom Login System
On Jan 24, 10:10 am, Andrew Badera and...@badera.us wrote: Typically, or at least in my experience, salting is md5/sha1/whatever(password+salt) rather than md5(md5(password)+salt) ... If you just hash the password plus the salt, you need to store the password on the server. This is bad, both because servers are vulnerable and also because at some stage you have to transmit the password in clear. So you transmit (and store) the hash of the password, which means you need to hash it twice when you login. But can't the attackers simply spoof a request with that session id in the cookies? Yes, but only while the session is valid. At the very least make your sessions expire frequently, and make logging out enticing for users. And you could also make their IP address part of the salt, and have the server check it. This limits attacks to your internal network. Cheers! Greg. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: is gaeutilities sessions the only 3rd party session manager?
Http digest auth is another option. But without ssl, I can't see any practical reason to elevate session security level. On Jan 24, 1:37 pm, bowman.jos...@gmail.com bowman.jos...@gmail.com wrote: The problems I see what that approach is: - 1 time token can be sniffed. We have limited ssl support with appengine which is why the session token client side needs to change. - Relying on gears, flash, or even javascript creates client side dependencies. gaeutilities already has a dependency on cookies because it's low enough level trying to create a way to append the session token to all requests for all applications wasn't really possible. Though I do have plans to expose the session token via some method to provide an opportunity for people to do that. Adding more dependencies is something I want to avoid. On Jan 24, 12:57 pm, yejun yej...@gmail.com wrote: Maybe store a secure token locally on gears or flash, then send one time token by javascript. But the initial token still need to be delivered by ssl. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: hiding private key
On Sun, Jan 25, 2009 at 10:22 AM, Bill billk...@gmail.com wrote: I'm not sure what you mean, so I'll simply restate what I believe is the situation and how I would handle it. Bill and I are suggesting essentially the same thing. Dave. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Complex tagging of items
Since you only have a few hundred items, the easiest approach may be to filter the results in memory after performing a preliminary datastore query. I would store the tag names in a StringListProperty () on your model. Hope this helps, Chris On Jan 23, 5:17 pm, George Sudarkoff sudark...@gmail.com wrote: I have a bit of a problem coming up with an efficient data model/algo for a project I am working on: I have a few hundred items, each tagged with zero or more tags. I need to be able to fetch items that, for example, are tagged with tag1 AND (tag2 OR tag3) AND NOT tag4. Any help would be greatly appreciated! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Imap and Google App engine
I am working on IMAP Fetcher right now. From a Premiere Edition account, you can reset the IMAP server connection port from 143 to 80, and point IMAP Fetcher to your App Engine appspot.com subdomain. I am trying this right now, but really could use a canned IMAP, bare bones server. I could slip it in and use it as a sniffer for the protocol IMAP Fetcher wants via GAE. Know of any? On Dec 21 2008, 10:25 pm, govno3...@gmail.com govno3...@gmail.com wrote: I'm doing some evaluation whether Google Appengine is appropriate for portion of project. However, I was unable to make imaplib working on Google App Engine. Is it possible to runIMAPon GAE? Also I was unable to make web.py working on - are there any pointers whether web.py works on Google Apple Engine? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] handling timezones - problem using sample code
I'm trying to use timezones in my app. I understand the GAE decided that this isn't something they really want to support well. I'm trying to use the workaround suggested of creating my own timezone classes based on the example code below from the GAE documentation. It doesn't run. The exception I get is: type 'exceptions.NameError': name 'datetime_module' is not defined Sorry I'm a python newbie, but what's missing? -- class Pacific_tzinfo(datetime_module.tzinfo): Implementation of the Pacific timezone. def utcoffset(self, dt): return datetime_module.timedelta(hours=-8) + self.dst(dt) def _FirstSunday(self, dt): First Sunday on or after dt. return dt + datetime_module.timedelta(days=(6-dt.weekday())) def dst(self, dt): # 2 am on the second Sunday in March dst_start = self._FirstSunday(datetime_module.datetime(dt.year, 3, 8, 2)) # 1 am on the first Sunday in November dst_end = self._FirstSunday(datetime_module.datetime(dt.year, 11, 1, 1)) if dst_start = dt.replace(tzinfo=None) dst_end: return datetime_module.timedelta(hours=1) else: return datetime_module.timedelta(hours=0) def tzname(self, dt): if self.dst(dt) == datetime_module.timedelta(hours=0): return PST else: return PDT pacific_time = utc_time.astimezone(Pacific_tzinfo()) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Custom Login System
If that's what's coming from the browser, then anyone else can just sniff that hash and send it as the password with the username. Not really, because you can simply tell the client to hash the password with some random number (or string) that you sent to the browser... Otherwise, though, you are correct. And even if I do use openID, or the like, I also wanted to know about securing the cookie (or session), because even in such a situation they only perform the password check. The rest is in the applications hands. On Jan 23, 10:50 pm, bowman.jos...@gmail.com bowman.jos...@gmail.com wrote: By the way, relying on javascript to handle hashing passwords and such isn't a reliable solution. If that's what's coming from the browser, then anyone else can just sniff that hash and send it as the password with the username. In the end you're relying on data from the client being secure, which is bad. I'd suggest, if you don't want to use the Google User API, you look into still using other ID providers, such as OpenID, Oauth, or Facebook connect. They will handle the login via SSL on their end, and the account validation would happen via urlfetch between your application and the provider, leaving no traffic to be sniffed on the users network. If you really need a unique user system, I suppose you could set up a VPS server and have it act as an OpenID provider. One thought that just hit me as I writing this up is you could also use the build in application.appspot.com ssl that google provides you to handle the login by making it an OpenID provider. I believe there's a sample application out there for making an OpenID provider on GAE. Then your application, if you're using your own domain name, could urlfetch to itself for that portion of the authentication, in order to get the cookie domain set correctly for your sessions. This is something that would make an interesting little project, I wish I had time for. On Jan 23, 10:42 pm, bowman.jos...@gmail.com bowman.jos...@gmail.com wrote: gaeutilities -http://gaeutilities.appspot.com/-has a session class built specifically to work around that problem. The session id (used for matching data to the session) is never passed to the browser, rather is uses a session token system. By default a session token is valid for only 5 seconds, after which a new session token is generated. The current token, plus previous two, are stored and are valid on requests in order to not cause problems with sites who's pages may make multiple requests (AJAX oriented sites). It also includes a middleware class so you can plug it in and use it directly with memcache. Version 1.1.1 is the current release, and the next release will include some new functionality to try and increase the performance by relying more on memcache (while still using the datastore in order to provide a completely reliable solution). It already uses both, but I'm working on cutting down the amount of writes. It's BSD licensed, open source. There are no fees or attribution requirements for it's use. This will not provide you with a login system. However, it does plug directly into django using the middleware so you can use django's authentication system. I in fact am currently using it, django, and the appenginepatch project -http://code.google.com/p/app-engine-patch/ - with some custom backends to handle OpenId and Oauth authentication for my user management system. On Jan 23, 4:16 pm, MajorProgamming sefira...@gmail.com wrote: Javascript on your login form should first hash the password, then hash the result with a salt - say the session id I assume that's only true if I opt out of SSL? That way the contents of the cookie are no use to anyone, all useful info is stored in memcache, where attackers can't get it. But can't the attackers simply spoof a request with that session id in the cookies? On Jan 23, 4:01 pm, Greg g.fawc...@gmail.com wrote: First, if you are not a security expert, consider using Django's authentication framework. Online security is not easy - there are a lot of things you have to get right, and missing just one of them means you've failed. I have a reasonable amount of experience with online security, so I built my own authentication system on top of gmemsess, a memchache- backed session object. Unfortunately my code isn't modular enough to publish, but here are a few pointers... - SSL is always good, because it means anyone with access to your comms can't easily see what you are doing. However, it isn't crucial, as long as your customers can live with the unlikely event of someone sniffing their traffic - a good authentication scheme will prevent attackers sniffing passwords, although everything they do after logging in may be visible. - Cookies are far more convenient than trying to pass a session ID with every
[google-appengine] Re: Dynamically Choosing Which Properties to Write to the Datastore
Thanks Bill, that was helpful. I had been browsing datastore.py in the SDK, but I wasn't quite sure how to use it. Your solution gave me a lot of ideas. Regards, David On Jan 24, 7:11 pm, Bill billk...@gmail.com wrote: Hi David, On Jan 24, 8:39 am, David Kamenetz kamene...@yahoo.ca wrote: However, if the user only enters/changes, say, the txt field on the form I only POST the txt field to the server. I don't send all the fields. My POST only has data for txt. If I use the code above on an existing entity, it will erase the title property (formitem.title). Is there an elegant way to write only the txt element to the txt property? As far as I know, you can't write only one property when replacing an existing entity, but maybe there's something that can be done at the lowest levels just before going to the protocol buffer. (See datastore.py and datastore_pb.py in the SDK where entity dicts are being passed.) I use POSTs to create new entities and PUTs to modify existing ones or store a new entity in a known url. With the PUTs, if there's an existing entity, you need to read it in and then selectively modify key/values depending on what's been passed from your form. So creating new entities through POST is simple. Just set whatever property you want to set on model initialization, and all others are not stored. You can automate the whole process by creating a Model you'll inherit from (I call mine SerializableModel), and create a method that iterates through all model properties, calls request.get() on them, and if the get isn't None (i.e., there's a value passed in from your form), you add that key/value to your entity dict. You later pass the entity dict as an initializer into your Model constructor. For example: def get_entity_dict(model_class, get_func): entity_dict = {} for prop_name, prop_class in model_class.properties().iteritems(): value = get_func(prop_name) if value: entity_dict[prop_name] = model_class.deserialize (prop_class, value) return entity_dict So in the above, get_func is set to: get_func = lambda x : some_handler.request.get(x, default_value=None) We only set key/value pairs in entity_dict for properties that are set in form. The model_class.deserialize() is a routine that takes strings from the form and converts them into appropriate datastore objects. So in your handler you'd have something like this in simplified form: def post(self): get_func = lambda x : some_handler.request.get(x, default_value=None) props = get_entity_dict(MyModel, get_func) obj = MyModel(**props) obj.put() For the PUT case, you read the entity first, set the entity_dict to the current entity values, and then do the above. I might open source the model system I've created that does all this stuff. -Bill --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Can I download my own script?
I accidentally deleted one of my script(using mv in linux) from my hard drive, and I don't have a copy of it. Is there anyway I can get it from App Engine? I can't upload any tools for it because that will delete it on the server! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: handling timezones - problem using sample code
Replace 'datetime_module' with 'datetime' everywhere and add this line on top of your Python file: import datetime On Jan 25, 12:18 pm, jones34 ljw1...@gmail.com wrote: I'm trying to use timezones in my app. I understand the GAE decided that this isn't something they really want to support well. I'm trying to use the workaround suggested of creating my own timezone classes based on the example code below from the GAE documentation. It doesn't run. The exception I get is: type 'exceptions.NameError': name 'datetime_module' is not defined Sorry I'm a python newbie, but what's missing? -- class Pacific_tzinfo(datetime_module.tzinfo): Implementation of the Pacific timezone. def utcoffset(self, dt): return datetime_module.timedelta(hours=-8) + self.dst(dt) def _FirstSunday(self, dt): First Sunday on or after dt. return dt + datetime_module.timedelta(days=(6-dt.weekday())) def dst(self, dt): # 2 am on the second Sunday in March dst_start = self._FirstSunday(datetime_module.datetime(dt.year, 3, 8, 2)) # 1 am on the first Sunday in November dst_end = self._FirstSunday(datetime_module.datetime(dt.year, 11, 1, 1)) if dst_start = dt.replace(tzinfo=None) dst_end: return datetime_module.timedelta(hours=1) else: return datetime_module.timedelta(hours=0) def tzname(self, dt): if self.dst(dt) == datetime_module.timedelta(hours=0): return PST else: return PDT pacific_time = utc_time.astimezone(Pacific_tzinfo()) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Can I download my own script?
See the first question in the Community FAQ: http://knol.google.com/k/-/app-engine-community-faqs/vkzeph4si12v/1 On Jan 25, 3:53 pm, DaNmarner danmar...@gmail.com wrote: I accidentally deleted one of my script(using mv in linux) from my hard drive, and I don't have a copy of it. Is there anyway I can get it from App Engine? I can't upload any tools for it because that will delete it on the server! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---