Re: [Tutor] mod_python authentication
On Mo, 2009-12-07 at 23:10 -0500, Marc wrote: While I agree with the cookie (as long as it has a short expiration), another way to do this is by using expiring tokenization (credentials+ some unique data for the transaction) in the URL header (see section 14.8 at http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html). Tokenization substitutes some random string for confidential data (such as credentials). This is essentially what I said about passing variables in the URL. The important thing still is information hiding, though: you don't want the user to have any clue what those variables mean so they can't modify them too easily. This is also why you should never expose critical variables (e.g. user ID) to possible modification. The payment card industry uses this in the form of an authorization code for card transactions. Add to the data represented by the token some unique data (maybe a random number or some data from the last transaction - it doesn't matter as the token does not expose the data in any way) for each http transaction so you have unique token in each header and you can get an essentially stateful session with a method of checking authentication that has some spoof protection built in. The problem to keep in mind, though, is that your users may be multi-tabbing, i.e. keeping several pages open at the same time. Don't ever rely on a linear experience unless you're dealing with something inherently linear like a survey (though in that case you should probably try to keep it to one page, possibly updated with JavaScript requests if the form doesn't look too friendly on one page) or a check-out process. Wrap it all in SSL/TLS and then you've got something. Granted, this requires some serious server side work, and is probably not a good beginner exercise, but if this level is what you need I have never coded anything like this in Python, but I can see abstractly how it could be done (I'm a novice with Python). If you're bored, you can read http://www.shift4.com/pdf/TokenizationWhitePaper.pdf especially sec1:7. I agree that if you're going for high security/safety tokenization can help, but for most intents and purposes it really isn't necessary. The idea is to avoid re-submission (especially of counter-intuitively side-effect non-free actions like GET requests) and make each action uniquely identifiable, if I understand the method correctly. This is normally only necessary for things like checkouts (keep track of the order ID and make sure the customer can't accidentally place an order twice e.g. by double-clicking the submit button or re-clicking it if the connection hangs) or form submission that affects the server state (e.g. posting a message to a forum, sending an e-mail, ...). SSL/TLS is also usually overkill for most purposes. Certificates provided by many non-commercial authorities will still trigger security warnings in most browsers, so the only way to get one that isn't counter-productive (i.e. diminishes trust rather than increasing it -- dodgy certificates are still valid certificates) is to shell out the big money -- and unless you're into serious business (i.e. anything big enough to justify the expenses), you probably can't be arsed. Cheers, Alan Plum ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python authentication
How do I Check for an active login session on every page that requires authentication Been at this for days and it's holding me back can someone plz help me with some code examples. ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python authentication
On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote: How do I Check for an active login session on every page that requires authentication Been at this for days and it’s holding me back can someone plz help me with some code examples. To understand sessions you first need to understand that HTTP is a stateless protocol: you connect, send your request, receive a response and the connection is closed. Sessions add a layer of abstraction to create functionality the protocol doesn't provide: multiple requests are grouped and treated as belonging together. There are several ways to accomplish this. The most straightforward way would be remembering the client's IP and persisting variables as relative to that IP -- problem is, IPs are unreliable, can be faked, and do not provide a strong indicator of identity (while an IP only resolves to one machine at a time, that machine may be acting as a gateway or proxy for multiple users connected from other machines -- also, many IPs are dynamically allocated thanks to ISPs). Another method is putting the session's ID in the URLs you display to your users. This creates a lot of problems, though: the session is only maintained as long as the user uses exactly the URLs you provide (they won't stay logged in, for example, if they bookmark a plain URL without the session ID) and it may accidentally be shared between different users by passing the URL verbatim (most users don't know enough about URLs to clean session IDs out of them before sending them to other people -- or don't care!). The fix for this is usually to restrict the session to an IP (which is why you often see the checkbox Restrict my session to this IP in log-in forms), but that screws you over if your IP may randomly change between consecutive requests and thus may break the illusion. The most common and reliable choice is the good old session cookie: a cookie (a small data string) is sent to the browser, containing just the session ID (and, sometimes, non-critical data such as accessibility settings if the website provides them). Because the browser is normally restricted to a single user, the session ID is stored in a safe place -- except it isn't really because some people use e.g. internet cafés and such which may not dispose of session data regularly. Also, a user may access the same site from different devices or places, therefore hoarding cookies for different sessions creating consistency problems. Still, cookies are the easiest and most reliable way to store a session ID and non-critical data. If you couple them with IP restrictions and a conservative expiry time (i.e. duration of inactivity until the session becomes invalid or expired and all associated variables are wiped) and provide a fallback mechanism for users who disabled (or can't accept) cookies, you should have most scenarios covered (although some sites actually just stick to cookies and provide no fallbacks). So once you've decided on a mechanism to persist the session ID, let's see what a session actually is. In most cases you want to use them for a log-in mechanism: the user enters their username and password, successfully, and is welcomed by a personal greeting and a new navigation subtree that was previously unavailable. In this case it may be tempting to simply store the user's ID and log-in state in a cookie, but that'd be incredibly silly because the user can easily edit them if he knows about cookies (even worse things can happen if you provide useful variables like is_admin: False). Instead you should store those variables in a safe place (persist them) like a database or special session files. The session ID acts as a key to the session file or database entry, so you need to make sure it's not easily guessable: many websites use very long seemingly-randomly generated strings (a hash of the user's IP and the millisecond time of the session's creation may yield good results). Also, if you want to persist something, make sure it's easily persistable. A string variable is child's play, an open file on the other hand may cause locking problems and if you deal with large volumes of data (e.g. binary file uploads kept in memory) you may quickly run out of space. If you don't want to have to deal with all of these considerations and instead prefer something shrinkwrapped and ready for use, Google is your friend. Depending on what you use there are plenty of CGI-compatible packages and WSGI frameworks to choose from. Cheers, Alan Plum ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python authentication
Alan, I am very impressed! This one goes to my knowledge base. Thanks a lot. 2009/12/7 Alan Plum alan.p...@uni-koeln.de: On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote: How do I Check for an active login session on every page that requires authentication Been at this for days and it’s holding me back can someone plz help me with some code examples. To understand sessions you first need to understand that HTTP is a stateless protocol: you connect, send your request, receive a response and the connection is closed. Sessions add a layer of abstraction to create functionality the protocol doesn't provide: multiple requests are grouped and treated as belonging together. There are several ways to accomplish this. The most straightforward way would be remembering the client's IP and persisting variables as relative to that IP -- problem is, IPs are unreliable, can be faked, and do not provide a strong indicator of identity (while an IP only resolves to one machine at a time, that machine may be acting as a gateway or proxy for multiple users connected from other machines -- also, many IPs are dynamically allocated thanks to ISPs). Another method is putting the session's ID in the URLs you display to your users. This creates a lot of problems, though: the session is only maintained as long as the user uses exactly the URLs you provide (they won't stay logged in, for example, if they bookmark a plain URL without the session ID) and it may accidentally be shared between different users by passing the URL verbatim (most users don't know enough about URLs to clean session IDs out of them before sending them to other people -- or don't care!). The fix for this is usually to restrict the session to an IP (which is why you often see the checkbox Restrict my session to this IP in log-in forms), but that screws you over if your IP may randomly change between consecutive requests and thus may break the illusion. The most common and reliable choice is the good old session cookie: a cookie (a small data string) is sent to the browser, containing just the session ID (and, sometimes, non-critical data such as accessibility settings if the website provides them). Because the browser is normally restricted to a single user, the session ID is stored in a safe place -- except it isn't really because some people use e.g. internet cafés and such which may not dispose of session data regularly. Also, a user may access the same site from different devices or places, therefore hoarding cookies for different sessions creating consistency problems. Still, cookies are the easiest and most reliable way to store a session ID and non-critical data. If you couple them with IP restrictions and a conservative expiry time (i.e. duration of inactivity until the session becomes invalid or expired and all associated variables are wiped) and provide a fallback mechanism for users who disabled (or can't accept) cookies, you should have most scenarios covered (although some sites actually just stick to cookies and provide no fallbacks). So once you've decided on a mechanism to persist the session ID, let's see what a session actually is. In most cases you want to use them for a log-in mechanism: the user enters their username and password, successfully, and is welcomed by a personal greeting and a new navigation subtree that was previously unavailable. In this case it may be tempting to simply store the user's ID and log-in state in a cookie, but that'd be incredibly silly because the user can easily edit them if he knows about cookies (even worse things can happen if you provide useful variables like is_admin: False). Instead you should store those variables in a safe place (persist them) like a database or special session files. The session ID acts as a key to the session file or database entry, so you need to make sure it's not easily guessable: many websites use very long seemingly-randomly generated strings (a hash of the user's IP and the millisecond time of the session's creation may yield good results). Also, if you want to persist something, make sure it's easily persistable. A string variable is child's play, an open file on the other hand may cause locking problems and if you deal with large volumes of data (e.g. binary file uploads kept in memory) you may quickly run out of space. If you don't want to have to deal with all of these considerations and instead prefer something shrinkwrapped and ready for use, Google is your friend. Depending on what you use there are plenty of CGI-compatible packages and WSGI frameworks to choose from. Cheers, Alan Plum ___ Tutor maillist - tu...@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription
Re: [Tutor] mod_python authentication
On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote: How do I Check for an active login session on every page that requires authentication To understand sessions you first need to understand that HTTP is a stateless protocol: you connect, send your request, receive a response and the connection is closed. There are several ways to accomplish this. The most straightforward way would be remembering the client's IP Another method is putting the session's ID in the URLs you display to your users. The most common and reliable choice is the good old session cookie While I agree with the cookie (as long as it has a short expiration), another way to do this is by using expiring tokenization (credentials + some unique data for the transaction) in the URL header (see section 14.8 at http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html). Tokenization substitutes some random string for confidential data (such as credentials). The payment card industry uses this in the form of an authorization code for card transactions. Add to the data represented by the token some unique data (maybe a random number or some data from the last transaction - it doesn't matter as the token does not expose the data in any way) for each http transaction so you have unique token in each header and you can get an essentially stateful session with a method of checking authentication that has some spoof protection built in. Wrap it all in SSL/TLS and then you've got something. Granted, this requires some serious server side work, and is probably not a good beginner exercise, but if this level is what you need I have never coded anything like this in Python, but I can see abstractly how it could be done (I'm a novice with Python). If you're bored, you can read http://www.shift4.com/pdf/TokenizationWhitePaper.pdf especially sec1:7. Ok, Ok, I'll shut up now - I've got to go play with some XML anyhow...Thanks for listening. ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python authentication
how to check whether a user is authenticated with mod_python ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python authentication
I need to setup a login page for a web application but I am not finding any code in the mod_python doc that shows me how to do this. What is need is the code to tell apache to get this login data from a login page. ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python authentication
On Sat, Dec 5, 2009 at 8:26 PM, Rayon evosw...@hotmail.com wrote: I need to setup a login page for a web application but I am not finding any code in the mod_python doc that shows me how to do this. What is need is the code to tell apache to get this login data from a login page. If you want Apache to directly handle logins via HTTP auth then you don't need to write any code, just configure your vhost or .htaccess file (see for example the AuthUserFile directive). OTOH if you want to build your own login system (e.g. with user details stored in a database) then you: 1) Make a regular HTML form with username and password fields 2) Write whatever login processing code you need, and have the form submit to it. 3) Check for an active login session on every page that requires authentication, and redirect them back to the login form if necessary. HTH, benno. ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python authentication
I need to setup a login page for a web application but I am not finding any code in the mod_python doc that shows me how to do this. What is need is the code to tell apache to get this login data from a login page. OTOH if you want to build your own login system (e.g. with user details stored in a database) then you: 1) Make a regular HTML form with username and password fields 2) Write whatever login processing code you need, and have the form submit to it. 3) Check for an active login session on every page that requires authentication, and redirect them back to the login form if necessary. I need to know how to configure the httpd file to allow for this al so. ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python
Is mod_python the only way to integrate python and apache2 ? I am interested in using Python instead of PHP and would like to use Python's template style as well as a framework such as Pylons or Django. Thanks in advance! -- - - - - - - - - - - - - - Jason Limoges, France ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python
mod_wsgi is another option that supposedly has a smaller memory footprint and, in my case, proved easier to configure than mod_python http://code.google.com/p/modwsgi/ http://code.djangoproject.com/wiki/django_apache_and_mod_wsgi ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python
Wsgi is also more portable than mod_python: mod_python is solely available on the Apache httpd, whereas wsgi is available on many more. --- Richard Roadie Rich Lovely Part of the JNP|UK Famille www.theJNP.com (Sent from my iPod - please allow me a few typos: it's a very small keyboard) On 28 Nov 2008, at 03:59 PM, Serdar Tumgoren [EMAIL PROTECTED] wrote: mod_wsgi is another option that supposedly has a smaller memory footprint and, in my case, proved easier to configure than mod_python http://code.google.com/p/modwsgi/ http://code.djangoproject.com/wiki/django_apache_and_mod_wsgi ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python
Jason DeBord [EMAIL PROTECTED] wrote in using Python instead of PHP and would like to use Python's template style as well as a framework such as Pylons or Django. I can't speak for those two but ISTR that TurboGears had a fairly comprehensive set of notes on how to configure with lots of front ends including mod_python. Try checking out your preferred framework site you might find all you need there. mod_python is almost certainly not the *only* option, but it might be the best for you. Alan G ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?
Alec Henriksen [EMAIL PROTECTED] wrote So, lets say I want to develop a distributable web application (such as phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python) would I use to reach as many users as possible, and on top of that, which (if any) framework should I use to develop this web application? The biggest limitation by far on Python web development is lack of Python support on the web servers. You need to find a provider that either gives you an account on a server with which you can install any frameworks you desire, or, find a provider which supports your framework. Even basic CGI with Python is a problem on most web hosting sites because although PHP and Perl will usually exist(and often Java too) it is much less common to find Python. And if you do it may be very old, often v2.2 or even older! What is currently lacking in Python's web application selection? Very little is lacking on the Python side - see a recent thread here - but support on commercial web hosts is patchy. You need to check exactly what is available from your host before signing up. HTH, -- Alan Gauld Author of the Learn to Program web site http://www.freenetpages.co.uk/hp/alan.gauld ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?
On Mon, Sep 29, 2008 at 2:55 AM, Alan Gauld [EMAIL PROTECTED]wrote: The biggest limitation by far on Python web development is lack of Python support on the web servers. You need to find a provider that either gives you an account on a server with which you can install any frameworks you desire, or, find a provider which supports your framework. In my experience, it's not that uncommon for hosting providers to support Python - but most of the popular frameworks use long-running processes (I put that in quotes because I suppose it's a matter of opinion exactly how long is long.) GoDaddy in particular, and budget shared hosting services in general, don't support Django/TurboGears/Pylons etc. for this reason - but if you want to roll your own, you can. Django, TurboGears, and Pylons have pages that list hosting providers who _do_ support them. http://code.djangoproject.com/wiki/DjangoFriendlyWebHosts http://docs.turbogears.org/1.0/Hosting http://pylonshq.com/project/pylonshq/wiki/Hosting -- www.fsrtechnologies.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python, mod_wsgi, web.py, django! What to use?
Hello, This is my first time posting to this board, so please forgive me if I mess something up. So, lets say I want to develop a distributable web application (such as phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python) would I use to reach as many users as possible, and on top of that, which (if any) framework should I use to develop this web application? Also, what are some popular python web applications (forums, cms) that I could take example of? What did they use? What is currently lacking in Python's web application selection? -- Alec Henriksen [EMAIL PROTECTED] @ http://alecwh.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?
So, lets say I want to develop a distributable web application (such as phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python) would I use to reach as many users as possible, and on top of that, which (if any) framework should I use to develop this web application? A lot of applications run on Apache with mod_wsgi or mod_python or as stand alone applications with or without mod_proxy. For my own environment, which usually involves some static pages and PHP apps, I prefer mod_wsgi. If you go the framework route then your application should end up being agnostic to this detail of the deployment. I happen to like the TurboGears 2 framework. It implements Pylons with a number of sane choices in the development environment. Using the SQL Alchemy ORM means that I define my data in Python and call the mapper instead of defining both a Python data structure and an SQL schema. Where portability is an issue Alchemy takes care of it transparently. Genshi is the default template engine for TG2. The performance is adequate for me and that choice allows me to have non-Pythonista friends work on the user interface. Also, what are some popular python web applications (forums, cms) that I could take example of? What did they use? They used PHP. :-/ I think that Python suffered for a while because it was too easy to write frameworks. For a long time it was a truism that there were as many Python frameworks as developers. I think that made Python an inconsistent performer for web applications, but mod_wsgi makes Python's relative performance under Apache compared to other web scripting languages a non-issue for the first time. What is currently lacking in Python's web application selection? E-Commerce: http://www.oreillynet.com/onlamp/blog/2007/08/fear_and_loathing_with_low_end.html In Python e-commerce, the only significant player is Satchmo. There's an alpha release for a plug-able CMS built on TG2 due for release next week. I'd love to see an e-commerce plug-in. Chris -- Make a difference in the world and support more Diplomacy projects and services then you can shake a dagger at, please read: http://members.bluegoosenews.com/diplomacy/blog/2008/09/24/a_special_note_for_diplomacy_players - or - http://tinyurl.com/3wx6lb Blue Goose is willing to give me $250 to support various services and projects in the Diplomacy hobby. The blog post above will tell you why they are doing this, what I will do with the money, and what you can do to help me get it. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] mod_python
I was just wondering if anyone know of a any good site with examples of mod_python tutorial. the mod_python manual assume isnt really that helpful. thanks ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python
Jalil wrote: I was just wondering if anyone know of a any good site with examples of mod_python tutorial. the mod_python manual assume isnt really that helpful. I have been learning mod_python recently and I found the manual to be quite good... what are you having problems with specifically? thanks ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python mysqldb problem
On Thu, 23 Feb 2006, Patty wrote: def addpercent(mp, lp): conn = MySQLdb.connect(host = localhost, user = root, passwd = ,db =my_db) cursor = conn.cursor() cursor.execute ( UPDATE targets SET mario_percent = %d, lizard_percent = %d WHERE target_name = 'anyname' , (mp, lp)) db.commit() cursor.close() db.close() Hi Patty, Does this code work outside of the context of mod_python? There's something slightly suspicious here in the use of the '%d' format string: I'm not sure MySQLdb will accept it. Let me check... According to the DB API on parameter styles: paramstyle String constant stating the type of parameter marker formatting expected by the interface. Possible values are [2]: 'qmark' Question mark style, e.g. '...WHERE name=?' 'numeric' Numeric, positional style, e.g. '...WHERE name=:1' 'named' Named style, e.g. '...WHERE name=:name' 'format'ANSI C printf format codes, e.g. '...WHERE name=%s' 'pyformat' Python extended format codes, e.g. '...WHERE name=%(name)s' (http://www.python.org/peps/pep-0249.html) So '%s' acts as a placeholder --- a parameter marker --- where MySQLdb will later substitute parameters into. So I'm not certain that '%d' will work properly. In any case, you should never get a segfault in Python code, so something strange is happening. Try seeing if your code works outside of mod_python first; that'll give us at least a little more assurance that it isn't MySQLdb that's doing funny things. You might also want to talk with the mod_python folks, since they'll probably be able to give you ideas on how to get better debugging output here. Good luck to you! ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python mysqldb problem
Hi Danny, I downloaded the latest version of mysqldb and my code worked. btw, I changed it to %s instead of %d. Thanks! Patty ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python mysqldb problem
I downloaded the latest version of mysqldb and my code worked. btw, I changed it to %s instead of %d. Hi Patty, That's great news! Does the whole thing work now, including the integration with mod_python? I'm following up and making sure that the problem was simply the stale copy of MySQLdb. Best of wishes! ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
There seems to be a discussion about this sort of thing every other week or so, and I'm always surprised that no one mentions Cheetah Templates (www.cheetahtemplate.org). It's useful for both web and non-Web applications, and has a straightforward syntax that pretty much *is* Python. For web programming, it can be used for straight up CGI, or in a mod_python type setup. I have used it several times and really enjoyed it. There's alot of work being done right now in preparation for a 2.0 release, so the web site should be very up to date, as well as the tutorial / user's guide. Check it out! Bill On 1/25/06, Ben Vinger [EMAIL PROTECTED] wrote: --- Intercodes [EMAIL PROTECTED] wrote: List: I am still open to suggestions. Being also keen to write better web apps in Python, I've spent a considerable amount of time reading about this (and it is indeed confusing), I've opted to try out something like Pylons or Turbogears. One thing I will say though, is that most of the frameworks you've read about can be run on top of mod_python. So mod_python is not one of the lot - it is essential on Apache unless you opt to use CGI or FCGI. But as I understand it, you would always opt for mod_python over CGI or FCGI on a high-traffic website, though CGI or FCGI is of course fine for smaller things. But mod_python is not so easy to work with and it will only work on Apache. So it seems best to choose something else and run that through mod_python when you're on Apache. ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Some others have already mentioned TurboGears, but since it sounds like you want more control perhaps, I would recommend going with CherryPy (http://www.cherrypy.org). You basically write python code and then expose it to the web (or intranet or whatever). # simple example import cherrypy import time class MySection(object): @cherrypy.expose def index(self): yield h1Hello, world!/h1 yield a href='time'Check the time/a # if you are using Python 2.3, you do the following to expose a method # index.exposed = True @cherrypy.expose def time(self): return pThe current time is %s/p % self.get_time() # this method is not exposed and thus not accessible from the web def get_time(self): return time.ctime() # mount the class at the server root cherrypy.root = MySection() cherrypy.server.start() # end of example You can then run that script and visit http://localhost:8080/. That will call the index method of the MySection object mounted at the server root. You can also visit http://localhost:8080/time. However, http://localhost:8080/get_time is _not_ available to the web, because it is not exposed. Anyhow, CherryPy is very pythonic and flexible. Use whatever DB you want (or flat files or ...). Use whatever templating language you want (or just return html from your methods. Anyhow, that's probably more info than you wanted. Good luck! Christian http://www.dowski.com ps And as a beginner, I would _not_ start with something like mod_python ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Intercodes Sent: Wednesday, January 25, 2006 12:59 PM To: tutor@python.org Subject: [Tutor] mod_python and other web frameworks Hello everyone, Disclaimer: Beginner. I have an idea of coding a web application and decided to do it entirely with python (reddit style). I started looking for web programming in python and somehow I saw mod_python first. Iam perusing the help document now. Few minutes of browsing confused my mind entirely , since it seems there are about 20 different web frameworks available for python. I am left clueless as to pick which one. I have an soft side towards the one I picked first. Considering yourself as a beginner to python ,do you prefer mod_python over all other framework?. Say if you want to create a blog , will mod_python suffice? And is mod_python and cgi (the python lib) different? -- Intercodes ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Christian,You are certainly right. I couldn't get anything apart from Hello world coding in mod_python. The mod_python manual is also bit vague, not for beginners. I wonder why there aren't any good tutorials on mod_python. I am having a look at quixote as a developer in this list suggested. I would take a look at cherrypy if quixote is too deep for me.Thanks for your time and the example. I believe your website is written completely in cherrypy. Working on so many projects ,nice work. Intercodes# simple exampleimport cherrypyimport time class MySection(object):@cherrypy.exposedef index(self):yield h1Hello, world!/h1yield a href=''Check the time/a# if you are using Python 2.3, you do the following to expose a method# index.exposed = True@cherrypy.exposedef time(self):return pThe current time is %s/p % self.get_time() # this method is not exposed and thus not accessible from the webdef get_time(self):return time.ctime()# mount the class at the server rootcherrypy.root = MySection()cherrypy.server.start ()# end of exampleYou can then run that script and visit http://localhost:8080/.Thatwill call the index method of the MySection object mounted at theserver root.You can also visit http://localhost:8080/time.However,http://localhost:8080/get_time is _not_ available to the web, because itis not exposed. Anyhow, CherryPy is very pythonic and flexible.Use whatever DB youwant (or flat files or ...).Use whatever templating language you want(or just return html from your methods.Anyhow, that's probably more info than you wanted.Good luck! Christianhttp://www.dowski.comps And as a beginner, I would _not_ start with something likemod_python ;-) ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Hi, I recommend checking out the Turbogears 20 minute Wiki tutorial, although I'd hold off using it until the 0.9 release comes out with some useful changes. When you use it, it sits behind mod_python and responds to requests made. You can see a Turbogears error message here - :D http://digitalsouth.net.nz/~cyresse/index.htm that I've been playing with. Normally it works. ;) Django is also worth having a look at, but it's a bit sharper to learn The Turbogears Google group is really supportive, by the way. Regards, Liam Clarke On 1/26/06, Intercodes [EMAIL PROTECTED] wrote: Hello everyone, Disclaimer: Beginner. I have an idea of coding a web application and decided to do it entirely with python (reddit style). I started looking for web programming in python and somehow I saw mod_python first. Iam perusing the help document now. Few minutes of browsing confused my mind entirely , since it seems there are about 20 different web frameworks available for python. I am left clueless as to pick which one. I have an soft side towards the one I picked first. Considering yourself as a beginner to python ,do you prefer mod_python over all other framework?. Say if you want to create a blog , will mod_python suffice? And is mod_python and cgi (the python lib) different? -- Intercodes ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Lolo,Thanks for the boost up. I am looking at PSP now and it seems promising. 3 days is impossible for me :) ...maybe a week or more. I will certainly have a look at 'mighty' once I am familiar with mod_python. List: I am still open to suggestions.Thank You.Intercodes--On 1/26/06, Lolo [EMAIL PROTECTED] wrote:Hi guys,I'm using PSP module from mod_python for professional stuff.It's quick and easy to use, so it will be easy tocreate your blog in 3 or 4 days.You can put directly your python code in an html webpage.But currently i take a look at migthy( http://www.myghty.org/index.myt), it's a very cooltemplating framework. And you can use it withmod_python.Have a nice day ...-- Intercodes ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
On 1/26/06, Intercodes [EMAIL PROTECTED] wrote: Liam, I checked the wiki video sometime back. If my memory wont fail me, the guy there never used a single line of python code ;) (I may be wrong) It seemed a totally new language that he used to create that wiki. Iam more inclined to code a lot rather than deal with such high abstraction, as I would like to improve my programming skills and get good python knowledge. I think ill give these two a try once I have some website running under something that uses more python code. I'd say you're referring to the Kid templating. html head title${title}/title etc. As the main handlers uses Cherrypy, which is very much Pythonic, and the object-relational mapper uses SQLObject which is also very Pythonic. For your reference if needed http://www.turbogears.org/docs/wiki20/ Anyhoo, your choice in the end, good luck with the deep end approach. Regards, Liam Clarke ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Liam,I checked the wiki video sometime back. If my memory wont fail me, the guy there never used a single line of python code ;) (I may be wrong) It seemed a totally new language that he used to create that wiki. Iam more inclined to code a lot rather than deal with such high abstraction, as I would like to improve my programming skills and get good python knowledge. I think ill give these two a try once I have some website running under something that uses more python code. Thanks for your time.Thank You,IntercodesOn 1/26/06, Liam Clarke [EMAIL PROTECTED] wrote:Hi,I recommend checking out the Turbogears 20 minute Wiki tutorial, although I'd hold off using it until the 0.9 release comes out withsome useful changes.When you use it, it sits behind mod_python and responds to requests made.You can see a Turbogears error message here - :D http://digitalsouth.net.nz/~cyresse/index.htm that I've been playingwith. Normally it works. ;)Django is also worth having a look at, but it's a bit sharper to learn The Turbogears Google group is really supportive, by the way.-- Intercodes ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
On Thu, Jan 26, 2006 at 02:07:43AM +0530, Intercodes wrote: Lolo, Thanks for the boost up. I am looking at PSP now and it seems promising. 3 days is impossible for me :) ...maybe a week or more. I will certainly have a look at 'mighty' once I am familiar with mod_python. List: I am still open to suggestions. If you're looking to do some Python coding to put your site together, you might take a gander at Quixote (http://www.mems-exchange.org/software/quixote/). From what I've seen, it's the closest thing to coding a web site in Python. It works best with SCGI, but also with regular CGI and mod_python. gsf ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
Thanks for the input guys. I think ill go with Quixotemod_pythonpostgresXHTMLIll let you know if I have done something useful with the above four :DTYIntercodes If you're looking to do some Python coding to put your site together,you might take a gander at Quixote(http://www.mems-exchange.org/software/quixote/ ). From what I'veseen, it's the closest thing to coding a web site in Python. It worksbest with SCGI, but also with regular CGI and mod_python. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python and other web frameworks
--- Intercodes [EMAIL PROTECTED] wrote: List: I am still open to suggestions. Being also keen to write better web apps in Python, I've spent a considerable amount of time reading about this (and it is indeed confusing), I've opted to try out something like Pylons or Turbogears. One thing I will say though, is that most of the frameworks you've read about can be run on top of mod_python. So mod_python is not one of the lot - it is essential on Apache unless you opt to use CGI or FCGI. But as I understand it, you would always opt for mod_python over CGI or FCGI on a high-traffic website, though CGI or FCGI is of course fine for smaller things. But mod_python is not so easy to work with and it will only work on Apache. So it seems best to choose something else and run that through mod_python when you're on Apache. ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Mod_python greedy url matching
On Wed, 5 Oct 2005, Jay Loden wrote: I'm having trouble with Apache and Mod_python - mod_python is set to use /var/www/html and pass all *.htm files on to the handler I wrote. Unfortunately, mod_python does a greedy match, so /var/www/html/subdirectory/file.htm still gets passed to the handler! Is there some way to limit the handler to the directory and NOT include subdirectories? Hi Jay, You may want to ask the Apache folks about this one. Your question specific enough that the Apache folks will probably be better at this one than Python-Tutor. If you strip your question to its essentials, it really is an Apache configuration problem more than anything else; it really isn't related to Python except from the tangential relation to mod_python. The behavior you're seeing is how Apache deals with all Directory-specific directives: subdirectories acquire the properties of their parent directory. But from the notes in: http://httpd.apache.org/docs/2.0/sections.html http://httpd.apache.org/docs/2.0/mod/core.html#directory http://httpd.apache.org/docs/2.0/mod/mod_mime.html#removehandler it sounds possible for you to apply a RemoveHandler directive on the subdirectories of whatever parent directory you're trying not to handle. However, since we're really straying away from programming topics and into web-server system administration, I'd strongly recommend continuing this question on a mailing list like the one listed in: http://httpd.apache.org/lists.html#http-users ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python on OS X
On Mon, 5 Sep 2005, Jan Eden wrote: I just tried installing mod_python on OS X (10.3.9). Installation went fine, and Apache starts up without complaining: Apache/2.0.53 (Unix) DAV/2 PHP/5.0.1 mod_python/3.1.4 Python/2.4.1 mod_perl/2.0.1 Perl/v5.8.1 configured -- resuming normal operations But when trying to actually use mod_python, I get: [Sat Sep 03 23:01:52 2005] [notice] child pid 2334 exit signal Bus error (10) [Sat Sep 03 23:01:53 2005] [notice] child pid 2333 exit signal Bus error (10) I searched the mod_python mailing list archives, but all hints and suggestions pointed to the installation stage. Hi Jan, Hmmm... Try posting that onto the mod-python mailing list. Bus Error indicates a low-level issue, and probably does mean that somthing got messed up during the installation. (But it could also mean a bug in mod_python: it's so hard to tell since it's a C extension. *sigh*) It looks that you have a locally customized verison of Python on your system. (As far as I know, Apple doesn't package Python 2.4 yet) Did you make sure to install mod_python by using that customized Python, rather than the system default? The folks on the mod_python mailing list will probably know more about this, so I'd strongly recommend asking them: http://mailman.modpython.org/mailman/listinfo/mod_python Tell them more details about how you installed mod_python --- the exact terminal lines you entered will be very helpful. Also, note that people on their list have been documenting their grievances about this: *grin* http://www.modpython.org/pipermail/mod_python/2004-June/015800.html His problem sounds very similar to yours, (though they report it with Apache 1.3) so I'd check with them and see if this has been fixed yet. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] mod_python on OS X
Hi Danny, Danny Yoo wrote on 05.09.2005: On Mon, 5 Sep 2005, Jan Eden wrote: [Sat Sep 03 23:01:52 2005] [notice] child pid 2334 exit signal Bus error (10) [Sat Sep 03 23:01:53 2005] [notice] child pid 2333 exit signal Bus error (10) It looks that you have a locally customized verison of Python on your system. (As far as I know, Apple doesn't package Python 2.4 yet) Did you make sure to install mod_python by using that customized Python, rather than the system default? I did. The folks on the mod_python mailing list will probably know more about this, so I'd strongly recommend asking them: Yes, it is probably the best thing to do, but I wanted to avoid getting involved with yet another mailing list. *sigh* Many thanks, Jan -- Unix is user friendly - it's just picky about it's friends. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor