Re: [Tutor] mod_python authentication

[Alan Plum]

On Mo, 2009-12-07 at 23:10 -0500, Marc wrote: 
 While I agree with the cookie (as long as it has a short expiration),
 another way to do this is by using expiring tokenization (credentials+ some
 unique data for the transaction) in the URL header (see section 14.8 at
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).  Tokenization
 substitutes some random string for confidential data (such as credentials).

This is essentially what I said about passing variables in the URL. The
important thing still is information hiding, though: you don't want the
user to have any clue what those variables mean so they can't modify
them too easily. This is also why you should never expose critical
variables (e.g. user ID) to possible modification.

 The payment card industry uses this in the form of an authorization code for
 card transactions.  Add to the data represented by the token some unique
 data (maybe a random number or some data from the last transaction - it
 doesn't matter as the token does not expose the data in any way) for each
 http transaction so you have unique token in each header and you can get an
 essentially stateful session with a method of checking authentication that
 has some spoof protection built in. 

The problem to keep in mind, though, is that your users may be
multi-tabbing, i.e. keeping several pages open at the same time. Don't
ever rely on a linear experience unless you're dealing with something
inherently linear like a survey (though in that case you should probably
try to keep it to one page, possibly updated with JavaScript requests if
the form doesn't look too friendly on one page) or a check-out process.

 Wrap it all in SSL/TLS and then you've
 got something.  Granted, this requires some serious server side work, and is
 probably not a good beginner exercise, but if this level is what you
 need  I have never coded anything like this in Python, but I can see
 abstractly how it could be done (I'm a novice with Python). If you're bored,
 you can read http://www.shift4.com/pdf/TokenizationWhitePaper.pdf especially
 sec1:7.

I agree that if you're going for high security/safety tokenization can
help, but for most intents and purposes it really isn't necessary. The
idea is to avoid re-submission (especially of counter-intuitively
side-effect non-free actions like GET requests) and make each action
uniquely identifiable, if I understand the method correctly.

This is normally only necessary for things like checkouts (keep track of
the order ID and make sure the customer can't accidentally place an
order twice e.g. by double-clicking the submit button or re-clicking it
if the connection hangs) or form submission that affects the server
state (e.g. posting a message to a forum, sending an e-mail, ...).

SSL/TLS is also usually overkill for most purposes. Certificates
provided by many non-commercial authorities will still trigger security
warnings in most browsers, so the only way to get one that isn't
counter-productive (i.e. diminishes trust rather than increasing it --
dodgy certificates are still valid certificates) is to shell out the big
money -- and unless you're into serious business (i.e. anything big
enough to justify the expenses), you probably can't be arsed.


Cheers,

Alan Plum

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python authentication

[Rayon]

How do I Check for an active login session on every page that requires
authentication

 

Been at this for days and it's holding me back can someone  plz help me with
some code examples. 

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python authentication

[Alan Plum]

On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote:
 How do I Check for an active login session on every page that requires
 authentication
  
 Been at this for days and it’s holding me back can someone  plz help
 me with some code examples.

To understand sessions you first need to understand that HTTP is a
stateless protocol: you connect, send your request, receive a response
and the connection is closed.

Sessions add a layer of abstraction to create functionality the protocol
doesn't provide: multiple requests are grouped and treated as belonging
together.

There are several ways to accomplish this. The most straightforward way
would be remembering the client's IP and persisting variables as
relative to that IP -- problem is, IPs are unreliable, can be faked, and
do not provide a strong indicator of identity (while an IP only resolves
to one machine at a time, that machine may be acting as a gateway or
proxy for multiple users connected from other machines -- also, many IPs
are dynamically allocated thanks to ISPs).

Another method is putting the session's ID in the URLs you display to
your users. This creates a lot of problems, though: the session is only
maintained as long as the user uses exactly the URLs you provide (they
won't stay logged in, for example, if they bookmark a plain URL without
the session ID) and it may accidentally be shared between different
users by passing the URL verbatim (most users don't know enough about
URLs to clean session IDs out of them before sending them to other
people -- or don't care!).

The fix for this is usually to restrict the session to an IP (which is
why you often see the checkbox Restrict my session to this IP in
log-in forms), but that screws you over if your IP may randomly change
between consecutive requests and thus may break the illusion.

The most common and reliable choice is the good old session cookie: a
cookie (a small data string) is sent to the browser, containing just the
session ID (and, sometimes, non-critical data such as accessibility
settings if the website provides them). Because the browser is normally
restricted to a single user, the session ID is stored in a safe place --
except it isn't really because some people use e.g. internet cafés and
such which may not dispose of session data regularly. Also, a user may
access the same site from different devices or places, therefore
hoarding cookies for different sessions creating consistency problems.

Still, cookies are the easiest and most reliable way to store a session
ID and non-critical data. If you couple them with IP restrictions and a
conservative expiry time (i.e. duration of inactivity until the session
becomes invalid or expired and all associated variables are wiped) and
provide a fallback mechanism for users who disabled (or can't accept)
cookies, you should have most scenarios covered (although some sites
actually just stick to cookies and provide no fallbacks).

So once you've decided on a mechanism to persist the session ID, let's
see what a session actually is. In most cases you want to use them for a
log-in mechanism: the user enters their username and password,
successfully, and is welcomed by a personal greeting and a new
navigation subtree that was previously unavailable.

In this case it may be tempting to simply store the user's ID and log-in
state in a cookie, but that'd be incredibly silly because the user can
easily edit them if he knows about cookies (even worse things can happen
if you provide useful variables like is_admin: False). Instead you
should store those variables in a safe place (persist them) like a
database or special session files.

The session ID acts as a key to the session file or database entry, so
you need to make sure it's not easily guessable: many websites use very
long seemingly-randomly generated strings (a hash of the user's IP and
the millisecond time of the session's creation may yield good results).

Also, if you want to persist something, make sure it's easily
persistable. A string variable is child's play, an open file on the
other hand may cause locking problems and if you deal with large volumes
of data (e.g. binary file uploads kept in memory) you may quickly run
out of space.

If you don't want to have to deal with all of these considerations and
instead prefer something shrinkwrapped and ready for use, Google is your
friend. Depending on what you use there are plenty of CGI-compatible
packages and WSGI frameworks to choose from.


Cheers,

Alan Plum

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python authentication

[aivars]

Alan,
I am very impressed! This one goes to my knowledge base.
Thanks a lot.

2009/12/7 Alan Plum alan.p...@uni-koeln.de:
 On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote:
 How do I Check for an active login session on every page that requires
 authentication

 Been at this for days and it’s holding me back can someone  plz help
 me with some code examples.

 To understand sessions you first need to understand that HTTP is a
 stateless protocol: you connect, send your request, receive a response
 and the connection is closed.

 Sessions add a layer of abstraction to create functionality the protocol
 doesn't provide: multiple requests are grouped and treated as belonging
 together.

 There are several ways to accomplish this. The most straightforward way
 would be remembering the client's IP and persisting variables as
 relative to that IP -- problem is, IPs are unreliable, can be faked, and
 do not provide a strong indicator of identity (while an IP only resolves
 to one machine at a time, that machine may be acting as a gateway or
 proxy for multiple users connected from other machines -- also, many IPs
 are dynamically allocated thanks to ISPs).

 Another method is putting the session's ID in the URLs you display to
 your users. This creates a lot of problems, though: the session is only
 maintained as long as the user uses exactly the URLs you provide (they
 won't stay logged in, for example, if they bookmark a plain URL without
 the session ID) and it may accidentally be shared between different
 users by passing the URL verbatim (most users don't know enough about
 URLs to clean session IDs out of them before sending them to other
 people -- or don't care!).

 The fix for this is usually to restrict the session to an IP (which is
 why you often see the checkbox Restrict my session to this IP in
 log-in forms), but that screws you over if your IP may randomly change
 between consecutive requests and thus may break the illusion.

 The most common and reliable choice is the good old session cookie: a
 cookie (a small data string) is sent to the browser, containing just the
 session ID (and, sometimes, non-critical data such as accessibility
 settings if the website provides them). Because the browser is normally
 restricted to a single user, the session ID is stored in a safe place --
 except it isn't really because some people use e.g. internet cafés and
 such which may not dispose of session data regularly. Also, a user may
 access the same site from different devices or places, therefore
 hoarding cookies for different sessions creating consistency problems.

 Still, cookies are the easiest and most reliable way to store a session
 ID and non-critical data. If you couple them with IP restrictions and a
 conservative expiry time (i.e. duration of inactivity until the session
 becomes invalid or expired and all associated variables are wiped) and
 provide a fallback mechanism for users who disabled (or can't accept)
 cookies, you should have most scenarios covered (although some sites
 actually just stick to cookies and provide no fallbacks).

 So once you've decided on a mechanism to persist the session ID, let's
 see what a session actually is. In most cases you want to use them for a
 log-in mechanism: the user enters their username and password,
 successfully, and is welcomed by a personal greeting and a new
 navigation subtree that was previously unavailable.

 In this case it may be tempting to simply store the user's ID and log-in
 state in a cookie, but that'd be incredibly silly because the user can
 easily edit them if he knows about cookies (even worse things can happen
 if you provide useful variables like is_admin: False). Instead you
 should store those variables in a safe place (persist them) like a
 database or special session files.

 The session ID acts as a key to the session file or database entry, so
 you need to make sure it's not easily guessable: many websites use very
 long seemingly-randomly generated strings (a hash of the user's IP and
 the millisecond time of the session's creation may yield good results).

 Also, if you want to persist something, make sure it's easily
 persistable. A string variable is child's play, an open file on the
 other hand may cause locking problems and if you deal with large volumes
 of data (e.g. binary file uploads kept in memory) you may quickly run
 out of space.

 If you don't want to have to deal with all of these considerations and
 instead prefer something shrinkwrapped and ready for use, Google is your
 friend. Depending on what you use there are plenty of CGI-compatible
 packages and WSGI frameworks to choose from.


 Cheers,

 Alan Plum

 ___
 Tutor maillist  -  tu...@python.org
 To unsubscribe or change subscription options:
 http://mail.python.org/mailman/listinfo/tutor

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription 

Re: [Tutor] mod_python authentication

[Marc]

 On Mo, 2009-12-07 at 09:35 -0400, Rayon wrote:
  How do I Check for an active login session on every page that
 requires
  authentication
 
 To understand sessions you first need to understand that HTTP is a
 stateless protocol: you connect, send your request, receive a response
 and the connection is closed.
 
 There are several ways to accomplish this. The most straightforward way
 would be remembering the client's IP 
 Another method is putting the session's ID in the URLs you display to
 your users. 
 The most common and reliable choice is the good old session cookie

While I agree with the cookie (as long as it has a short expiration),
another way to do this is by using expiring tokenization (credentials + some
unique data for the transaction) in the URL header (see section 14.8 at
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).  Tokenization
substitutes some random string for confidential data (such as credentials).
The payment card industry uses this in the form of an authorization code for
card transactions.  Add to the data represented by the token some unique
data (maybe a random number or some data from the last transaction - it
doesn't matter as the token does not expose the data in any way) for each
http transaction so you have unique token in each header and you can get an
essentially stateful session with a method of checking authentication that
has some spoof protection built in.  Wrap it all in SSL/TLS and then you've
got something.  Granted, this requires some serious server side work, and is
probably not a good beginner exercise, but if this level is what you
need  I have never coded anything like this in Python, but I can see
abstractly how it could be done (I'm a novice with Python). If you're bored,
you can read http://www.shift4.com/pdf/TokenizationWhitePaper.pdf especially
sec1:7.  Ok, Ok, I'll shut up now - I've got to go play with some XML
anyhow...Thanks for listening.





___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python authentication

[Rayon]

how to check whether a user is authenticated with mod_python

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python authentication

[Rayon]

I need to  setup a login page for a web application but I am not finding any
code in the mod_python doc that shows me how to do this. 

What is need is the code to tell apache to get this login data from a login
page. 

 

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python authentication

[Benno Lang]

On Sat, Dec 5, 2009 at 8:26 PM, Rayon evosw...@hotmail.com wrote:
 I need to  setup a login page for a web application but I am not finding any
 code in the mod_python doc that shows me how to do this.

 What is need is the code to tell apache to get this login data from a login
 page.

If you want Apache to directly handle logins via HTTP auth then you
don't need to write any code, just configure your vhost or .htaccess
file (see for example the AuthUserFile directive).

OTOH if you want to build your own login system (e.g. with user
details stored in a database) then you:
1) Make a regular HTML form with username and password fields
2) Write whatever login processing code you need, and have the form
submit to it.
3) Check for an active login session on every page that requires
authentication, and redirect them back to the login form if necessary.

HTH,
benno.
___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python authentication

[Rayon]

I need to  setup a login page for a web application but I am not finding any
code in the mod_python doc that shows me how to do this. 

What is need is the code to tell apache to get this login data from a login
page. 

 

OTOH if you want to build your own login system (e.g. with user details
stored in a database) then you:

1) Make a regular HTML form with username and password fields

2) Write whatever login processing code you need, and have the form submit
to it.

3) Check for an active login session on every page that requires
authentication, and redirect them back to the login form if necessary.

 

 

 

I need to know how to configure the httpd file to allow for this al so. 

 

___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python

[Jason DeBord]

Is mod_python the only way to integrate python and apache2 ? I am interested
in using Python instead of PHP and would like to use Python's template style
as well as a framework such as Pylons or Django.

Thanks in advance!

-- 
- - - - - - - - - - - - -
Jason
Limoges, France
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python

[Serdar Tumgoren]

mod_wsgi is another option that supposedly has a smaller memory footprint
and, in my case, proved easier to configure than mod_python

http://code.google.com/p/modwsgi/

http://code.djangoproject.com/wiki/django_apache_and_mod_wsgi
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python

[Rich Lovely]

Wsgi is also more portable than mod_python: mod_python is solely  
available on the Apache httpd, whereas wsgi is available on many more.


---
Richard Roadie Rich Lovely
Part of the JNP|UK Famille
www.theJNP.com

(Sent from my iPod - please allow me a few typos: it's a very small  
keyboard)


On 28 Nov 2008, at 03:59 PM, Serdar Tumgoren [EMAIL PROTECTED]  
wrote:


mod_wsgi is another option that supposedly has a smaller memory  
footprint and, in my case, proved easier to configure than mod_python


http://code.google.com/p/modwsgi/

http://code.djangoproject.com/wiki/django_apache_and_mod_wsgi
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python

[Alan Gauld]

Jason DeBord [EMAIL PROTECTED] wrote

in using Python instead of PHP and would like to use Python's 
template style

as well as a framework such as Pylons or Django.


I can't speak for those two but ISTR that TurboGears had a fairly
comprehensive set of notes on how to configure with lots of front
ends including mod_python. Try checking out your preferred framework
site you might find all you need there.

mod_python is almost certainly not the *only* option, but it might
be the best for you.

Alan G 



___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?

[Alan Gauld]

Alec Henriksen [EMAIL PROTECTED] wrote

So, lets say I want to develop a distributable web application (such 
as
phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python) 
would
I use to reach as many users as possible, and on top of that, which 
(if

any) framework should I use to develop this web application?


The biggest limitation by far on Python web development is lack
of Python support on the web servers. You need to find a provider that
either gives you an account on a server with which you can install any
frameworks you desire, or, find a provider which supports your 
framework.


Even basic CGI with Python is a problem on most web hosting sites
because although PHP and Perl will usually exist(and often Java too)
it is much less common to find Python. And if you do it may be very 
old,

often v2.2 or even older!


What is currently lacking in Python's web application selection?


Very little is lacking on the Python side - see a recent thread here - 
but

support on commercial web hosts is patchy. You need to check exactly
what is available from your host before signing up.

HTH,


--
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld 



___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?

[Marc Tompkins]

On Mon, Sep 29, 2008 at 2:55 AM, Alan Gauld [EMAIL PROTECTED]wrote:

 The biggest limitation by far on Python web development is lack
 of Python support on the web servers. You need to find a provider that
 either gives you an account on a server with which you can install any
 frameworks you desire, or, find a provider which supports your framework.


In my experience, it's not that uncommon for hosting providers to support
Python - but most of the popular frameworks use long-running processes (I
put that in quotes because I suppose it's a matter of opinion exactly how
long is long.)  GoDaddy in particular, and budget shared hosting services in
general, don't support Django/TurboGears/Pylons etc. for this reason - but
if you want to roll your own, you can.

Django, TurboGears, and Pylons have pages that list hosting providers who
_do_ support them.
http://code.djangoproject.com/wiki/DjangoFriendlyWebHosts
http://docs.turbogears.org/1.0/Hosting
http://pylonshq.com/project/pylonshq/wiki/Hosting
-- 
www.fsrtechnologies.com
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python, mod_wsgi, web.py, django! What to use?

[Alec Henriksen]

Hello,

This is my first time posting to this board, so please forgive me if I
mess something up.

So, lets say I want to develop a distributable web application (such as
phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python) would
I use to reach as many users as possible, and on top of that, which (if
any) framework should I use to develop this web application?

Also, what are some popular python web applications (forums, cms) that I
could take example of? What did they use?

What is currently lacking in Python's web application selection?
-- 
Alec Henriksen [EMAIL PROTECTED] @ http://alecwh.com

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python, mod_wsgi, web.py, django! What to use?

[Chris Babcock]

 So, lets say I want to develop a distributable web application (such
 as phpBB or Drupal) for Python. What platform (mod_wsgi, mod_python)
 would I use to reach as many users as possible, and on top of that,
 which (if any) framework should I use to develop this web application?

A lot of applications run on Apache with mod_wsgi or mod_python or as
stand alone applications with or without mod_proxy. For my own
environment, which usually involves some static pages and PHP apps, I
prefer mod_wsgi. If you go the framework route then your application
should end up being agnostic to this detail of the deployment.

I happen to like the TurboGears 2 framework. It implements Pylons with
a number of sane choices in the development environment. Using the SQL
Alchemy ORM means that I define my data in Python and call the mapper
instead of defining both a Python data structure and an SQL schema.
Where portability is an issue Alchemy takes care of it transparently.
Genshi is the default template engine for TG2. The performance is
adequate for me and that choice allows me to have non-Pythonista
friends work on the user interface.

 Also, what are some popular python web applications (forums, cms)
 that I could take example of? What did they use?

They used PHP. :-/

I think that Python suffered for a while because it was too easy to
write frameworks. For a long time it was a truism that there were as
many Python frameworks as developers. I think that made Python an
inconsistent performer for web applications, but mod_wsgi makes Python's
relative performance under Apache compared to other web scripting
languages a non-issue for the first time.

 What is currently lacking in Python's web application selection?

E-Commerce:

http://www.oreillynet.com/onlamp/blog/2007/08/fear_and_loathing_with_low_end.html

In Python e-commerce, the only significant player is Satchmo. There's
an alpha release for a plug-able CMS built on TG2 due for release next
week. I'd love to see an e-commerce plug-in.

Chris

-- 


Make a difference in the world and support more Diplomacy projects and
services then you can shake a dagger at, please read:

http://members.bluegoosenews.com/diplomacy/blog/2008/09/24/a_special_note_for_diplomacy_players
 - or - 
http://tinyurl.com/3wx6lb 

Blue Goose is willing to give me $250 to support various services and
projects in the Diplomacy hobby. The blog post above will tell you why
they are doing this, what I will do with the money, and what you can do
to help me get it.
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

[Tutor] mod_python

[Jalil]

I was just wondering if anyone know of a any good site with examples of
mod_python tutorial.
the mod_python manual assume isnt really that helpful.

thanks
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python

[Luke Paireepinart]

Jalil wrote:
 I was just wondering if anyone know of a any good site with examples 
 of mod_python tutorial.
 the mod_python manual assume isnt really that helpful.
I have been learning mod_python recently and I found the manual to be 
quite good...
what are you having problems with specifically?

 thanks


 

 ___
 Tutor maillist  -  Tutor@python.org
 http://mail.python.org/mailman/listinfo/tutor
   

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python mysqldb problem

[Danny Yoo]

On Thu, 23 Feb 2006, Patty wrote:

 def addpercent(mp, lp):
 conn = MySQLdb.connect(host = localhost, user = root, passwd =
 ,db =my_db)
 cursor = conn.cursor()
 cursor.execute (
 UPDATE targets
 SET mario_percent = %d, lizard_percent = %d
 WHERE target_name = 'anyname'
 , (mp, lp))
 db.commit()
 cursor.close()
 db.close()


Hi Patty,

Does this code work outside of the context of mod_python?

There's something slightly suspicious here in the use of the '%d' format
string:  I'm not sure MySQLdb will accept it.  Let me check...

According to the DB API on parameter styles:

paramstyle

String constant stating the type of parameter marker
formatting expected by the interface. Possible values are
[2]:

'qmark' Question mark style,
e.g. '...WHERE name=?'
'numeric'   Numeric, positional style,
e.g. '...WHERE name=:1'
'named' Named style,
e.g. '...WHERE name=:name'
'format'ANSI C printf format codes,
e.g. '...WHERE name=%s'
'pyformat'  Python extended format codes,
e.g. '...WHERE name=%(name)s'


(http://www.python.org/peps/pep-0249.html)

So '%s' acts as a placeholder --- a parameter marker --- where MySQLdb
will later substitute parameters into.  So I'm not certain that '%d' will
work properly.


In any case, you should never get a segfault in Python code, so something
strange is happening.  Try seeing if your code works outside of mod_python
first; that'll give us at least a little more assurance that it isn't
MySQLdb that's doing funny things.  You might also want to talk with the
mod_python folks, since they'll probably be able to give you ideas on how
to get better debugging output here.


Good luck to you!

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python mysqldb problem

[Patty]

Hi Danny,

I downloaded the latest version of mysqldb and my code worked. btw, I changed 
it to %s instead of %d. 

Thanks!
Patty



___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python mysqldb problem

[Danny Yoo]

 I downloaded the latest version of mysqldb and my code worked. btw, I
 changed it to %s instead of %d.

Hi Patty,

That's great news!  Does the whole thing work now, including the
integration with mod_python?  I'm following up and making sure that the
problem was simply the stale copy of MySQLdb.



Best of wishes!

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[wkranec]

There seems to be a discussion about this sort of thing every other
week or so, and I'm always surprised that no one mentions Cheetah
Templates (www.cheetahtemplate.org).  It's useful for both web and
non-Web applications, and has a straightforward syntax that pretty
much *is* Python.  For web programming, it can be used for straight up
CGI, or in a mod_python type setup.  I have used it several times and
really enjoyed it.

There's alot of work being done right now in preparation for a 2.0
release, so the web site should be very up to date, as well as the
tutorial / user's guide.  Check it out!

Bill

On 1/25/06, Ben Vinger [EMAIL PROTECTED] wrote:

 --- Intercodes [EMAIL PROTECTED] wrote:

  List: I am still open to suggestions.

 Being also keen to write better web apps in Python,
 I've spent a considerable amount of time reading about
 this (and it is indeed confusing), I've opted to try
 out something like Pylons or Turbogears.
 One thing I will say though, is that most of the
 frameworks you've read about can be run on top of
 mod_python.  So mod_python is not one of the lot - it
 is essential on Apache unless you opt to use CGI or
 FCGI. But as I understand it, you would always opt for
 mod_python over CGI or FCGI on a high-traffic website,
 though CGI or FCGI is of course fine for smaller
 things.
 But mod_python is not so easy to work with and it will
 only work on Apache.  So it seems best to choose
 something else and run that through mod_python when
 you're on Apache.






 ___
 Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with 
 voicemail http://uk.messenger.yahoo.com
 ___
 Tutor maillist  -  Tutor@python.org
 http://mail.python.org/mailman/listinfo/tutor

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Christian Wyglendowski]

Some others have already mentioned TurboGears, but since it sounds like
you want more control perhaps, I would recommend going with CherryPy
(http://www.cherrypy.org).  You basically write python code and then
expose it to the web (or intranet or whatever).

# simple example
import cherrypy
import time

class MySection(object):
@cherrypy.expose
def index(self):
yield h1Hello, world!/h1
yield a href='time'Check the time/a
# if you are using Python 2.3, you do the following to expose a method
#   index.exposed = True

@cherrypy.expose
def time(self):
return pThe current time is %s/p % self.get_time()

# this method is not exposed and thus not accessible from the web
def get_time(self):
return time.ctime()

# mount the class at the server root
cherrypy.root = MySection()

cherrypy.server.start()
# end of example

You can then run that script and visit http://localhost:8080/.  That
will call the index method of the MySection object mounted at the
server root.  You can also visit http://localhost:8080/time.  However,
http://localhost:8080/get_time is _not_ available to the web, because it
is not exposed.

Anyhow, CherryPy is very pythonic and flexible.  Use whatever DB you
want (or flat files or ...).  Use whatever templating language you want
(or just return html from your methods.

Anyhow, that's probably more info than you wanted.  Good luck!

Christian
http://www.dowski.com

ps And as a beginner, I would _not_ start with something like
mod_python ;-)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Intercodes
Sent: Wednesday, January 25, 2006 12:59 PM
To: tutor@python.org
Subject: [Tutor] mod_python and other web frameworks

Hello everyone,

Disclaimer:  Beginner.

I have an idea of coding a web application and decided to do it entirely
with python (reddit style). I started looking for web programming in
python and somehow I saw mod_python first. Iam perusing the help
document now. 

Few minutes of browsing confused my mind entirely , since it seems there
are about 20 different web frameworks available for python. I am left
clueless as to pick which one. I have an soft side towards the one I
picked first. 

Considering yourself as a beginner to python  ,do you prefer mod_python
over all other framework?. Say if you want to create a blog , will
mod_python suffice? And is mod_python and cgi (the python lib)
different?


--
Intercodes


___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Intercodes]

Christian,You are certainly right. I couldn't get anything apart from Hello world coding in mod_python. The mod_python manual is also bit vague, not for beginners. I wonder why there aren't any good tutorials on mod_python.
I am having a look at quixote as a developer in this list suggested. I would take a look at cherrypy if quixote is too deep for me.Thanks for your time and the example. I believe your website is written completely in cherrypy. Working on so many projects ,nice work.
Intercodes# simple exampleimport cherrypyimport time
class MySection(object):@cherrypy.exposedef index(self):yield h1Hello, world!/h1yield a href=''Check the time/a# if you are using Python 
2.3, you do the following to expose a method# index.exposed = True@cherrypy.exposedef time(self):return pThe current time is %s/p % self.get_time()
# this method is not exposed and thus not accessible from the webdef get_time(self):return time.ctime()# mount the class at the server rootcherrypy.root = MySection()cherrypy.server.start
()# end of exampleYou can then run that script and visit http://localhost:8080/.Thatwill call the index method of the MySection object mounted at theserver root.You can also visit 
http://localhost:8080/time.However,http://localhost:8080/get_time is _not_ available to the web, because itis not exposed.
Anyhow, CherryPy is very pythonic and flexible.Use whatever DB youwant (or flat files or ...).Use whatever templating language you want(or just return html from your methods.Anyhow, that's probably more info than you wanted.Good luck!
Christianhttp://www.dowski.comps And as a beginner, I would _not_ start with something likemod_python ;-)
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Liam Clarke]

Hi,

I recommend checking out the Turbogears 20 minute Wiki tutorial,
although I'd hold off using it until the 0.9 release comes out with
some useful changes.

When you use it, it sits behind mod_python and responds to requests made.
You can see a Turbogears error message here - :D
http://digitalsouth.net.nz/~cyresse/index.htm that I've been playing
with. Normally it works. ;)

Django is also worth having a look at, but it's a bit sharper to learn
The Turbogears Google group is really supportive, by the way.

Regards,

Liam Clarke

On 1/26/06, Intercodes [EMAIL PROTECTED] wrote:
 Hello everyone,

 Disclaimer:  Beginner.

 I have an idea of coding a web application and decided to do it entirely
 with python (reddit style). I started looking for web programming in python
 and somehow I saw mod_python first. Iam perusing the help document now.

 Few minutes of browsing confused my mind entirely , since it seems there are
 about 20 different web frameworks available for python. I am left clueless
 as to pick which one. I have an soft side towards the one I picked first.

 Considering yourself as a beginner to python  ,do you prefer mod_python over
 all other framework?. Say if you want to create a blog , will mod_python
 suffice? And is mod_python and cgi (the python lib) different?


 --
 Intercodes

 ___
 Tutor maillist  -  Tutor@python.org
 http://mail.python.org/mailman/listinfo/tutor



___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Intercodes]

Lolo,Thanks for the boost up. I am looking at PSP now and it seems promising. 3 days is impossible for me :) ...maybe a week or more. I will certainly have a look at 'mighty' once I am familiar with mod_python. 
List: I am still open to suggestions.Thank You.Intercodes--On 1/26/06, Lolo 
[EMAIL PROTECTED] wrote:Hi guys,I'm using PSP module from mod_python for professional
stuff.It's quick and easy to use, so it will be easy tocreate your blog in 3 or 4 days.You can put directly your python code in an html webpage.But currently i take a look at migthy(
http://www.myghty.org/index.myt), it's a very cooltemplating framework. And you can use it withmod_python.Have a nice day ...-- Intercodes
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Liam Clarke]

On 1/26/06, Intercodes [EMAIL PROTECTED] wrote:
 Liam,

  I checked the wiki video sometime back. If my memory wont fail me, the guy
 there never used a single line of python code ;) (I may be wrong) It seemed
 a totally new language that he used to create that wiki.

 Iam more inclined to code a lot rather than deal with such high abstraction,
 as I would like to improve my programming skills and get good python
 knowledge. I think ill give these two a try once I have some website running
 under something that uses more python code.

I'd say you're referring to the Kid templating.

html
head
title${title}/title

etc.

As the main handlers uses Cherrypy, which is very much Pythonic, and
the object-relational mapper uses SQLObject which is also very
Pythonic. For your reference if needed
http://www.turbogears.org/docs/wiki20/

Anyhoo, your choice in the end, good luck with the deep end approach.

Regards,

Liam Clarke
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Intercodes]

Liam,I checked the wiki video sometime back. If my memory wont fail me, the guy there never used a single line of python code ;) (I may be wrong) It seemed a totally new language that he used to create that wiki.
Iam more inclined to code a lot rather than deal with such high abstraction, as I would like to improve my programming skills and get good python knowledge. I think ill give these two a try once I have some website running under something that uses more python code. 
Thanks for your time.Thank You,IntercodesOn 1/26/06, Liam Clarke [EMAIL PROTECTED]
 wrote:Hi,I recommend checking out the Turbogears 20 minute Wiki tutorial,
although I'd hold off using it until the 0.9 release comes out withsome useful changes.When you use it, it sits behind mod_python and responds to requests made.You can see a Turbogears error message here - :D
http://digitalsouth.net.nz/~cyresse/index.htm that I've been playingwith. Normally it works. ;)Django is also worth having a look at, but it's a bit sharper to learn
The Turbogears Google group is really supportive, by the way.-- Intercodes
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Gabriel S Farrell]

On Thu, Jan 26, 2006 at 02:07:43AM +0530, Intercodes wrote:
 Lolo,
 
 Thanks for the boost up. I am looking at PSP now and it seems promising. 3
 days is impossible for me :) ...maybe a week or more. I will certainly have
 a look at 'mighty' once I am familiar with mod_python.
 
 List: I am still open to suggestions.

If you're looking to do some Python coding to put your site together,
you might take a gander at Quixote
(http://www.mems-exchange.org/software/quixote/).  From what I've
seen, it's the closest thing to coding a web site in Python.  It works
best with SCGI, but also with regular CGI and mod_python.

gsf
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Intercodes]

Thanks for the input guys. I think ill go with Quixotemod_pythonpostgresXHTMLIll let you know if I have done something useful with the above four :DTYIntercodes
If you're looking to do some Python coding to put your site together,you might take a gander at Quixote(http://www.mems-exchange.org/software/quixote/
).  From what I'veseen, it's the closest thing to coding a web site in Python.  It worksbest with SCGI, but also with regular CGI and mod_python.
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python and other web frameworks

[Ben Vinger]

--- Intercodes [EMAIL PROTECTED] wrote:

 List: I am still open to suggestions.

Being also keen to write better web apps in Python,
I've spent a considerable amount of time reading about
this (and it is indeed confusing), I've opted to try
out something like Pylons or Turbogears.
One thing I will say though, is that most of the
frameworks you've read about can be run on top of
mod_python.  So mod_python is not one of the lot - it
is essential on Apache unless you opt to use CGI or
FCGI. But as I understand it, you would always opt for
mod_python over CGI or FCGI on a high-traffic website,
though CGI or FCGI is of course fine for smaller
things.
But mod_python is not so easy to work with and it will
only work on Apache.  So it seems best to choose
something else and run that through mod_python when
you're on Apache.






___ 
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail 
http://uk.messenger.yahoo.com
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] Mod_python greedy url matching

[Danny Yoo]

On Wed, 5 Oct 2005, Jay Loden wrote:

 I'm having trouble with Apache and Mod_python - mod_python is set to use
 /var/www/html and pass all *.htm files on to the handler I wrote.
 Unfortunately, mod_python does a greedy match, so
 /var/www/html/subdirectory/file.htm still gets passed to the handler!
 Is there some way to limit the handler to the directory and NOT include
 subdirectories?

Hi Jay,

You may want to ask the Apache folks about this one.  Your question
specific enough that the Apache folks will probably be better at this one
than Python-Tutor.

If you strip your question to its essentials, it really is an Apache
configuration problem more than anything else; it really isn't related to
Python except from the tangential relation to mod_python.  The behavior
you're seeing is how Apache deals with all Directory-specific directives:
subdirectories acquire the properties of their parent directory.

But from the notes in:

http://httpd.apache.org/docs/2.0/sections.html
http://httpd.apache.org/docs/2.0/mod/core.html#directory
http://httpd.apache.org/docs/2.0/mod/mod_mime.html#removehandler

it sounds possible for you to apply a RemoveHandler directive on the
subdirectories of whatever parent directory you're trying not to handle.

However, since we're really straying away from programming topics and into
web-server system administration, I'd strongly recommend continuing this
question on a mailing list like the one listed in:

http://httpd.apache.org/lists.html#http-users

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python on OS X

[Danny Yoo]

On Mon, 5 Sep 2005, Jan Eden wrote:

 I just tried installing mod_python on OS X (10.3.9). Installation went
 fine, and Apache starts up without complaining:

 Apache/2.0.53 (Unix) DAV/2 PHP/5.0.1 mod_python/3.1.4 Python/2.4.1
 mod_perl/2.0.1 Perl/v5.8.1 configured -- resuming normal operations

 But when trying to actually use mod_python, I get:

 [Sat Sep 03 23:01:52 2005] [notice] child pid 2334 exit signal Bus error (10)
 [Sat Sep 03 23:01:53 2005] [notice] child pid 2333 exit signal Bus error (10)

 I searched the mod_python mailing list archives, but all hints and
 suggestions pointed to the installation stage.


Hi Jan,

Hmmm... Try posting that onto the mod-python mailing list.  Bus Error
indicates a low-level issue, and probably does mean that somthing got
messed up during the installation.  (But it could also mean a bug in
mod_python: it's so hard to tell since it's a C extension.  *sigh*)

It looks that you have a locally customized verison of Python on your
system.  (As far as I know, Apple doesn't package Python 2.4 yet)  Did you
make sure to install mod_python by using that customized Python, rather
than the system default?


The folks on the mod_python mailing list will probably know more about
this, so I'd strongly recommend asking them:

http://mailman.modpython.org/mailman/listinfo/mod_python

Tell them more details about how you installed mod_python --- the exact
terminal lines you entered will be very helpful.

Also, note that people on their list have been documenting their
grievances about this:  *grin*

   http://www.modpython.org/pipermail/mod_python/2004-June/015800.html

His problem sounds very similar to yours, (though they report it with
Apache 1.3) so I'd check with them and see if this has been fixed yet.

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] mod_python on OS X

[Jan Eden]

Hi Danny,

Danny Yoo wrote on 05.09.2005:


On Mon, 5 Sep 2005, Jan Eden wrote:

[Sat Sep 03 23:01:52 2005] [notice] child pid 2334 exit signal Bus
error (10) [Sat Sep 03 23:01:53 2005] [notice] child pid 2333 exit
signal Bus error (10)

It looks that you have a locally customized verison of Python on
your system.  (As far as I know, Apple doesn't package Python 2.4
yet)  Did you make sure to install mod_python by using that
customized Python, rather than the system default?

I did.

The folks on the mod_python mailing list will probably know more
about this, so I'd strongly recommend asking them:

Yes, it is probably the best thing to do, but I wanted to avoid getting 
involved with yet another mailing list. *sigh*

Many thanks,

Jan
-- 
Unix is user friendly - it's just picky about it's friends.
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor