Can someone please recommend a hands-on book or some articles about
security testing beside the Web Security Testing Cookbook
(http://www.amazon.com/Web-Security-Testing-Cookbook-Systematic/dp/0596514832)?
I don't want to use Perl as recommended in that book.
Thanks in advance.
Thanks Jonathan Kenneth,
have successfully implemented the subdomain module based on your
feedback ( using request.env.http_host ) and setting it globally
( 0.py ) using the following function:
def get_subdomain():
Extracts subdomain from the url
try:
subdomain =
This isn't really a direct answer to your question but it might help clarify
some things for you (it got me thinking anyway)... it's a quote from a user
on another mailing list:
There's been a big move toward Javascript-heavy web apps in the last couple
of years, and new tools frameworks are
Can someone please recommend a hands-on book or some articles about
security testing beside the Web Security Testing Cookbook
(http://goo.gl/E1fbL)? I don't want to use Perl as recommended in that
book.
Thanks in advance.
Can someone please recommend a hands-on book or some articles about
security testing beside the Web Security Testing Cookbook
(http://goo.gl/E1fbL )? I don't want to use Perl as recommended in
that book.
Thanks in advance.
Sorry - posted broken link to CoffeeScript site. It should have been:
http://jashkenas.github.com/coffee-script/
On 3 February 2011 08:16, Tom Atkins minkto...@gmail.com wrote:
http://jashkenas.github.com
A few links, just to give you a start point
http://www.web2py.com/book/default/chapter/01#Security
http://www.pythonsecurity.org/
Awesome news, I am really curious to see where this is heading!
By the way, 2 weeks ago I wrote a short post on our experiences on web2py
and GAE. So I am extra thrilled, and will evangelize it even more. I really
hope web2py gains more traction in the Netherlands, there are so many
talented
Thanks a lot. Yeah, I'll go with OWASP.
On Feb 3, 3:54 am, Vasile Ermicioi elff...@gmail.com wrote:
A few links, just to give you a start point
http://www.web2py.com/book/default/chapter/01#Security
http://www.pythonsecurity.org/
According to the book the syntax to create an 'order by' query is
db(query).select(ALL,orderby=field).
What if I want to use more than one field in the 'order by' ?
Regards
Johann
--
May grace and peace be yours in abundance through the full knowledge of God
and of Jesus our Lord! His
Hello,
I have a field defined like this:
Field('state', 'string', requires=IS_IN_DB(db, 'state.id',
'state.abbreviation', zero=T('Choose one')))
If I create a SQLFORM like this,
form = SQLFORM(db.address, address)
I get what I expect: a drop-down menu displaying all of the
Hi Johann,
Just use |:
orderby=db.table.name|db.table.surname
On 3 fév, 13:56, Johann Spies johann.sp...@gmail.com wrote:
According to the book the syntax to create an 'order by' query is
db(query).select(ALL,orderby=field).
What if I want to use more than one field in the 'order by' ?
Hello,
I can't seem to find an easy way to check if a *group* has a
permission without making my own query on the auth_permission table
(and then I lose auth logging and the code is uglier).
auth.has_permission only works on users, not groups, as far as I can
tell. I need it for a control which
I think that the idea is that if you belong to a specific group you have
some specific rights.
I have not seen anything about giving permissions to groups.
Kenneth
Hello,
I can't seem to find an easy way to check if a *group* has a
permission without making my own query on the
As far as I understand, you then assign permissions to groups with
add_permission.
From the manual:
auth.add_permission(group_id, 'name', 'object', record_id)
gives permission name (user defined) on the object object (also user
defined) to members of the group group_id.
The problem is, there's
that's fantastic you get early access to the SDK, and hopefully that lets
you support new features faster.
Gone!
Thank you.
Richard
On Wed, Feb 2, 2011 at 6:17 PM, Massimo Di Pierro
massimo.dipie...@gmail.com wrote:
This has already been fixed some time ago in trunk. It is now:
if self.table[fieldname].type == 'boolean' and \
+ you can use ~ to reverse order.
http://web2py.com/book/default/chapter/06#orderby,-groupby,-limitby,-distinct
On Thu, Feb 3, 2011 at 2:21 PM, dederocks dediro...@gmail.com wrote:
Hi Johann,
Just use |:
orderby=db.table.name|db.table.surname
On 3 fév, 13:56, Johann Spies
On Feb 3, 2011, at 12:15 AM, Prashanth wrote:
If _next is set with some value ( eg: _next='myapp/default/show_id' :
show_id has @auth.login_required ) .. set_domain method will not get
called and it just redirects to the value set in _next variable in
which case I will not be able the
Another possible feature I hope to see in this or upcoming releases is
an official support for the admin app to have different users
(different users will be able to view and edit only their apps). In
previous discussions, I think you implemented this in trunk. I hope
this feature becomes official.
Back Track
On Thu, Feb 3, 2011 at 3:19 AM, AW a2y2w...@gmail.com wrote:
Can someone please recommend a hands-on book or some articles about
security testing beside the Web Security Testing Cookbook
(http://goo.gl/E1fbL )? I don't want to use Perl as recommended in
that book.
Thanks in
I've written the validator like this:
def create():
    db.booking.room_id.requires = IS_IN_DB(db, db.room.id, '%(name)s',
                                           multiple=True)
    form = crud.create(db.booking, next = URL('index'))
    return dict(form=form)
and when I run it in the browser if I try to save the data I get a
ticket,
this is fixed in trunk already
On Feb 3, 7:01 am, Art Zemon a...@hens-teeth.net wrote:
Hello,
I have a field defined like this:
Field('state', 'string', requires=IS_IN_DB(db, 'state.id',
'state.abbreviation', zero=T('Choose one')))
If I create a SQLFORM like this,
form =
Hi guys, I'm currently facing a strange thing :)
I make use of datatables (jquery datatables.net) and jeditable to
update values in my db. If the user clicks on a value, he changes it
and sends it, thus, only the value of this field.
On the server part, i then do a
Hello,
SiliconIndia is organizing WebApps 2011 at Pune on Feb 26th,
2011. Drawing well-renowned thought-leaders, contributors,
influencers, and organizations in the Web Development space, the
conference offers insight to develop industry-leading Web Development
projects. The conference brings
On Thu, Feb 3, 2011 at 11:08 AM, Clayton clayton.grass...@gmail.com wrote:
Hello,
I can't seem to find an easy way to check if a *group* has a
permission without making my own query on the auth_permission table
(and then I lose auth logging and the code is uglier).
auth.has_permission only
I think self['_last_reference'] = tmp is missing from insert() in
the dal.py:
Here is my suggested patch:
def insert(self,table,fields):
dfields=dict((f.name,self.represent(v,f.type)) for f,v in
fields)
# table._db['_lastsql'] = self._insert(table,fields)
tmp =
On Feb 3, 2011, at 6:14 AM, Franzé Jr wrote:
On Thu, Feb 3, 2011 at 11:08 AM, Clayton clayton.grass...@gmail.com wrote:
Hello,
I can't seem to find an easy way to check if a *group* has a
permission without making my own query on the auth_permission table
(and then I lose auth logging and
The problem is that unicity must be computed but it needs triggername.
You are not passing triggername when you do the update_record and
web2py does not know what to do. web2py wants you to be explicit:
row=db.alarms(2)
row.update_record(message='rz',triggerName=row.triggerName)
On Feb 3, 4:40 am,
ok. will do this later today.
Massimo
On Feb 3, 11:10 am, Jonathan Lundell jlund...@pobox.com wrote:
On Feb 3, 2011, at 6:14 AM, Franzé Jr wrote:
On Thu, Feb 3, 2011 at 11:08 AM, Clayton clayton.grass...@gmail.com wrote:
Hello,
I can't seem to find an easy way to check if a
Sounds like a web2py-way solution, simple and elegant :=)
Kenneth
On Feb 3, 2011, at 6:14 AM, Franzé Jr wrote:
On Thu, Feb 3, 2011 at 11:08 AM, Clayton clayton.grass...@gmail.com wrote:
Hello,
I can't seem to find an easy way to check if a *group* has a
permission without making my own
Here's an example of what I am trying to do - suppose I have an app
that tracks a sales pipeline in which each opportunity moves through a
series of stages (ending with either a closed sale or a lost sale).
In most daily usage, all I need to know is the current status. The
challenge is that I
hi all. i know we can use username instead of email by simply adding
username=True to auth, but i wanted to know if there happened to be a
way to use either.
for example, i have parent and children users, and i want kids to use
username, since they might not have email addresses. but i want
not sure if something like that is implemented, but here's what you can do:
before validating form:
1. check if email is given in post vars (instead of username)
2. if it is, make select query to db to find out username related to given
email
3. change variable (if email is given in username
I tried both web2py.py files on a different Mac and get the same errors. How
does python know where to find gluon? Is it a problem that I have python
installed separately on my Mac?
Hi All,
Not sure if anyone else has worked through the CRUD URLs described in
the book on p317, but the search URL described does not work: -
def client_search():
    return dict(form=crud.search(db.client))
...works as expected, but using: -
def data():
    return dict(form=crud())
...and
This might be doable by using _select (note the underscore) for the
inner selection.
Can you post the SQL command that you wish to accomplish?.
On Feb 3, 2:14 pm, Philip philip.el...@gmail.com wrote:
Here's an example of what I am trying to do - suppose I have an app
that tracks a sales
Yes, it works. But appadmin database administration redirects to
admin/default/index and raises invalid request error. How to fix it?
On 3 фев, 01:28, Massimo Di Pierro massimo.dipie...@gmail.com wrote:
Just rename its folder.
Counter indication: the redirection for appadmin login will break.
Looks like there are a couple occurrences of 'admin' in the top section of
the appadmin.py controller file (i.e., in the controllers folder of your
app) -- one for the redirection and one for the menu. Try changing those to
the new admin app name.
On Thursday, February 3, 2011 2:54:33 PM
Found a bug. I wrote:
def data(): return dict(form=crud())
The page .../default/data/select/orders creates a nice list of all
records in the orders table. The links in the ID column are wrong,
though. They are to URLs of this form:
.../default/read/orders/3
instead of
I think that bug has been fixed already in trunk:
https://groups.google.com/d/topic/web2py/iquAOtqZPNM/discussion
On Thursday, February 3, 2011 3:16:22 PM UTC-5, Art Zemon wrote:
Found a bug. I wrote:
def data(): return dict(form=crud())
The page .../default/data/select/orders creates a
Thanks Tom,
your answer helped me a lot.
I come to the following conclusion:
- Relatively little information, which much GUI interactive changes can best be
done in JS.
(btw I use PyJamas for that so I can program in pure Python)
- Much information, which heavily changes on the base of user
I expect that I am going about this the wrong way but here it
goes..
I am currently designing a form for my web2py website. When the user
clicks submit I would like my application to send me the form fields
via email.
My hosting provider will supply form mail.php files:
On Linux hosting
I am using GAE to run my website web2py application.
I have added the domain to my GAE site settings.
Does this affect the way i can access the files on my website? For
example I have a couple of image files @ root on my host, when I try
to explore to that location using a web browser I get an
I wouldn't use those PHP scripts if you want to use web2py.
You need to make a form with SQLFORM. I guess you want to save the
fields to a database and send them to you via email.
In the if form.accepts section you gather the data and create the mail
you want to send.
Kenneth
I
hi all,
i'm testing powertable plugin but i can't make it work correctly (i
don't have the green plus icon for expand the row of a table item)
where is the problem?
this is my code:
def index():
Test powerTable
table = plugins.powerTable
table.datasource = db.auth_user
To me it sounds like you have a problem with getting the data that
should be shown in details. If powertable never gets data that should be
displayed it doesn't show the green plus.
Why are you calling URL('myfunction.load') and not URL('myfunction')?
Kenneth
hi all,
i'm testing
Hi,
I want to use one server with two addresses, e.g. http://www.mydomain.org:80 and
https://secure.mydomain.org:443
What shall I do:
- start two instances of web2py
- or use URL-rewrite?
Regards,
Martin
Do you have the latest version of the plugin?
Demo app and newest plugin version in:
https://bitbucket.org/rochacbruno/powertable/downloads
Hi,
I could not reproduce your model, but here it is my example app running.
MODEL
db.define_table('category',
Field('name'),
You all rock. Thanks for the fast response!
Clayton
Dear Brian,
Thanks a lot for your help.
On Feb 3, 4:29 am, Brian M bmere...@gmail.com wrote:
Neveen,
I've got a mini app that I upload excel files to for later parsing, here's
how I do it. Getting the file would probably be even easier if you used an
upload field in the DB CRUD forms.
hi marin. good thought -- i'll give that a try. thanks!
On Feb 3, 11:32 am, Marin Pranjic marin.pran...@gmail.com wrote:
not sure if something like that is implemented, but here's what you can do:
before validating form:
1. check if email is given in post vars (instead of username)
2. if it
I'm using GAE. Is there a possibility to perform a redirect back to a
page where I have come to perform authentication?
No need to start two instances of web2py. If you use Jonathan's new routers
syntax available in trunk you can put something like this in routes.py:
routers = dict(
BASE = dict(
domains = {
'www.domain.com:80' : 'myappname',
'secure.domain.com:443' :
there are 2 ports, so I think he must run 2 instances,
he can use router if he uses a proxy like nginx which will pass all
requests to the web2py
You are right. Having (re)read the documentation for re, I find that
it is working as advertised. My original regex was wrong. However, I
would argue that if the match found by regex.match() is different from
the input value, IS_MATCH should return an error. That is, in the
IS_MATCH.__call__
while not answering your select question, check out crud.archive:
http://web2py.com/book/default/chapter/07?search=archive
it's pretty slick and does the archiving for you automagically. now your
query is still a problem
this depends on many factors including:
* DNS config for the domain and sub-domains
* app.yaml
* routes.py
if you have the GAE app on 1 subdomain, and other web services on another
subdomain that is fine. if all traffic is going to the same sub-domain
which is mapped to GAE, GAE will
On Feb 3, 2011, at 3:03 PM, Ken wrote:
You are right. Having (re)read the documentation for re, I find that
it is working as advertised. My original regex was wrong. However, I
would argue that if the match found by regex.match() is different from
the input value, IS_MATCH should return an
On Feb 3, 2011, at 2:43 PM, Vasile Ermicioi wrote:
there are 2 ports, so I think he must run 2 instances,
he can use router if he uses a proxy like nginx which will pass all requests
to the web2py
It should work for Apache, too, as long as Apache is configured to go to web2py
for both
First of all, thank you for your quick response. I already figure it
out. That database was generated by the export to web2py tool from the
online database design. I made a new one by my hand without the
online tool following your tip and it worked! Thanks again and
congratulations for your work!
Thanks - I haven't used _select - I'm checking into it now.
Thanks,
Philip
On Feb 3, 2:54 pm, DenesL denes1...@yahoo.ca wrote:
This might be doable by using _select (note the underscore) for the
inner selection.
Can you post the SQL command that you wish to accomplish?.
On Feb 3, 2:14 pm,
Thanks a lot for your response, I tried to follow it but got a Not
defined error for the clean_session() function you'd mentioned. I
tried to force session.clear at the beginning of modules/menu.py, but
after logging out from my app, Janrain's plugin still recognized
me with Welcome back and
The messages initialized in this module are not passed to T.
Thus such as the message 'Registration needs verification' can not be
translated.
Please visit and register and login before mail address verification
at 'https://masel-style.appspot.com/questions/client/person', where
every thing is in
The Resources Documentation menu in the Welcome app is missing a link for
ch. 13 in the book. To add it, you can insert the following line between
lines 99 and 100 of /welcome/models/menu.py:
(T('Components and Plugins'), False,
'http://www.web2py.com/book/default/chapter/13'),
On Feb 3, 2011, at 3:43 PM, kawate wrote:
The messages initialized in this module are not passed to T.
Thus such as the message 'Registration needs verification' can not be
translated.
Please visit and register and login before mail address verification
at
The default URL's when using plugin_wiki are ugly:
/welcome/plugin_wiki/page/about
Does anyone have a good routes.py for this?
Can I disable httpserver.log when running in development mode?
I tried to change main.appfactory, but I messed it up, I also tried
options.py and it does not work.
Can it be done?
Thanks
--
Bruno Rocha
http://about.me/rochacbruno/bio
Sorry, I didn't explain well enough.
The clean_session() function is something I wrote to reset all session
variables in the case the user is a different person logging in from the
same machine. So it contains lines like:
session.var1 = None
session.dict1 = {}
etc.
The nutshell is an
Hi, I have a few general questions, answers for which I didn't find in
the book:
1. How does the model work in web2py's MVC? What is the workflow? When
is the code from those files called? The only relevant information I
found was the sequence diagram from the book.
2. How does the following
Thanks a lot, could you post the complete code of your
clean_session()? (Why is session.forget not sufficient?) You also
mentioned the placement of the above code in a model, why not in a
controller within the logout?
On Feb 4, 4:09 am, ron_m ron.mco...@gmail.com wrote:
Sorry, I didn't
Could someone else on a Mac give this a try to see if it works? I'm still
not able to run Web2py from the command line:
In Terminal in web2py.app/Contents/Resources, try:
$ python web2py.py
I continue to get this error on two different Macs:
localhost:Resources user$ python web2py.py
session.forget() will prevent you from adding to the session from that line
forward because it inhibits storing of the session to the file at the end of
the request. I only wanted to remove session variables if the new user was
not the same as the previous user logged into the application from
please check it in trunk.
On Feb 3, 11:10 am, Jonathan Lundell jlund...@pobox.com wrote:
On Feb 3, 2011, at 6:14 AM, Franzé Jr wrote:
On Thu, Feb 3, 2011 at 11:08 AM, Clayton clayton.grass...@gmail.com wrote:
Hello,
I can't seem to find an easy way to check if a *group* has a
try
web2py.py -l ''
On Feb 3, 7:37 pm, Bruno Rocha rochacbr...@gmail.com wrote:
Can I disable httpserver.log when running in development mode?
I tried to change main.appfactory, but I messed it up, I also tried
options.py and it does not work.
Can it be done?
Thanks
--
Bruno
On Feb 3, 2011, at 8:00 PM, Massimo Di Pierro wrote:
please check it in trunk.
That looks about right. No log for the group case, but I don't think that a log
here is all that important anyway.
On Feb 3, 11:10 am, Jonathan Lundell jlund...@pobox.com wrote:
On Feb 3, 2011, at 6:14 AM,
On Feb 3, 8:27 pm, devGS vitali@geniestills.com wrote:
Hi, I have a few general questions, answers for which I didn't find in
the book:
1. How does the model work in web2py's MVC? What is the workflow? When
is the code from those files called? The only relevant information I
found was
How about you show me couple (say 5) of the database structures of the
applications that you have already written? I can go through it and get some
practical ideas.
When you create a new application with the wizard and you get to Step 1:
Setting Parameters
fields you fill out with parameters are little bit small, especially
Database Uri: and Security Key:
The preview of the selected layout could also be a little bit bigger.
Kenneth
I am getting No module named gluon.widget when trying to run web2py from
the command line on a Mac. Double-clicking web2py.app works fine. Does
double-clicking the app add some sort of path?
I have other versions of Python on my Mac. Should web2py be running off the
Python that comes in the
My guess is that you downloaded the Mac Binary distribution. You have
to run it as a mac app with
open web2py.app
if you want to run with your own python from command line, you must
get the source distribution.
On Feb 3, 11:48 pm, pbreit pbreitenb...@gmail.com wrote:
I am getting No module
I should mention that I have tried on two different Macs and I have tried
both the Current Download and the Nightly Build.
OK, thanks, that must be it. I noodled around with Snow Leopard python in
order to run Fabric from my Mac.
My previous post has look ambiguous enough. I use GAE to run my web2py
application.
Kenneth - i just copy the code from a powertable example app
(web2py.app.skrywer_powertable.w2p) now i try to delete .load
Bruno Rocha - i download it yesterday from your website
http://powertable.blouweb.com/ , now i try to re-download the plugin
from bitbucket
thanks for help!
Bruno Rocha -
On 3 February 2011 16:49, Marin Pranjic marin.pran...@gmail.com wrote:
+ you can use ~ to reverse order.
http://web2py.com/book/default/chapter/06#orderby,-groupby,-limitby,-distinct
On Thu, Feb 3, 2011 at 2:21 PM, dederocks dediro...@gmail.com wrote:
Hi Johann,
Just use |:
86 matches