It might not be a bad idea to improve password handling at this time. I
think the biggest problem is that password hashes are not currently salted.
The hmac_hash function appears to take a salt but I didn't see any evidence
that is ever actually used.
The Django model seems sufficient:
2.0 should be a mark of maturity in my opinion. I fear change in software.
I strongly recommend you all to read the following article, because this is
not where we want to be in a few years:
http://www.unleashedmind.com/en/blog/sun/the-drupal-crisis
It's about the current state of the well
db.define_table('your_table',
    # your other fields here
    Field('added_on', 'datetime', default=request.now),
    Field('updated_on', 'datetime', default=request.now,
          update=request.now),
)
and don't bother, just do inserts and updates
I think what's going to happen is that 2.0.0 actually will be a normal
update (in fact Massimo said it will be a smaller update than 1.98 to 1.99).
Which maybe is just as well. I can't really think of any major improvements
that are really needed.
I think what's going to happen is that 2.0.0 actually will be a normal
update (in fact Massimo said it will be a smaller update than 1.98 to 1.99).
Which maybe is just as well. I can't really think of any major improvements
that are really needed.
perhaps you may be right, but at least
Stupid question.
Is there a way to get the english version of the book with the browser in
italian language? :-)
Thank you
On Wed, Sep 21, 2011 at 6:17 AM, Ivica Kralj ivicakr...@gmail.com wrote:
Wow, Impressive list... more features to play with... This is going to be
great :)
Thanks all
what browser?
In Firefox you go to preferences content language and set en as the
primary one.
On Wed, Sep 21, 2011 at 4:40 AM, Massimiliano mbelle...@gmail.com wrote:
Stupid question.
Is there a way to get the english version of the book with the browser in
italian language? :-)
Thank
And for Chrome or safari is there a way?
On Wed, Sep 21, 2011 at 9:49 AM, Bruno Rocha rochacbr...@gmail.com wrote:
what browser?
In Firefox you go to preferences content language and set en as the
primary one.
On Wed, Sep 21, 2011 at 4:40 AM, Massimiliano mbelle...@gmail.com wrote:
Ok found for Chrome:
Preferenze-Roba da smanettoni-Impostazioni di lingua e controllo
ortografico
Thank you for the tip
On Wed, Sep 21, 2011 at 9:51 AM, Massimiliano mbelle...@gmail.com wrote:
And for Chrome or safari is there a way?
On Wed, Sep 21, 2011 at 9:49 AM, Bruno Rocha
What's wrong with v 1.100, 1.101 etc?
Another +1 for the doco - keep it up to date !
The quality of the Book was what initially caught my eye with web2py.
I thought %^*%, I've never seen app doco done so well. It's a big
drawcard. Well done to whoever put it together.
Andrew
On Sep 21, 5:28 pm, Rahul rahul.dhak...@gmail.com
VCMS is a simple Content Management System developed with web2py. The
version 1.1 of VCMS released at Sep. 21st 20011. The update included:
article list pagination, RSS subscription, and query by exam date.
We enjoy developing with web2py a lot. If you are interested, you are
welcome to join us!
+1 for geospatial features.
Some ideas from three books:
Map Scripting 101, in
http://www.amazon.com/gp/product/1593272715/ref=s9_simh_gw_p14_d5_g14_i6?pf_rd_m=ATVPDKIKX0DERpf_rd_s=center-7pf_rd_r=023SASW38231TN3CV802pf_rd_t=101pf_rd_p=470938451pf_rd_i=507846
It's about mapstraction
+1 for geospatial features.
at the moment I'm working on a plugin_openlayers and I'll be glad to
share my work ASAP :)
Manuele
On 21/09/2011 11:29, puercoespin wrote:
+1 for geospatial features.
Some ideas from three books:
Map Scripting 101, in
On Wed, Sep 21, 2011 at 6:00 AM, Zphen sluk...@gmail.com wrote:
What's wrong with v 1.100, 1.101 etc?
Look here: http://semver.org/
No biggy, after considering the time it would take me to find the
right solution and integrate it properly vs the overall complexity of
the problem to solve, I decided to write my own solution and I am in
the middle of doing that.
The JSON grammar is quite simple and elegant (especially once you
Hello,
I've tried to edit my language files but my changes are all the time
overwritten when user logs off.
For example, on my menu.py I have:
(T('Adm Area'),False,URL('appadmin','index'),[])]
and in my es-es.py language file:
'Adm Area': 'Área administrativa',
The problem is, when the user log
Have you tried to update your language from the admin application? Or
how are you updating the language file?
Kenneth
Hello,
I've tried to edit my language files but my changes are all the time
overwritten when user logs off.
For example, on my menu.py I have:
(T('Adm
Can you guys make a demo of the English version? With more effort we can
have something competitive against Joomla! Good job!
On 9/21/11, chinakr chin...@gmail.com wrote:
VCMS is a simple Content Management System developed with web2py. The
version 1.1 of VCMS released at Sep. 21st 20011. The update
Both. First of all I was editing es-es.py file using an editor. But I
read in this group a recommendation using web admin app. But I still
have the same problem: If I edit the es-es.py file, it gets reset
when another user logs in.
On 21 Set, 12:51, Kenneth Lundström
I don't know if it helps, but I've read this similar post this
morning:
http://groups.google.com/group/web2py/browse_thread/thread/ade440fe69428517/9bbb4d362d74ecad
One of the first answers is another question about Windows. I'm using
windows now, is this a problem?
On 21 Set, 12:57, Samuel Mac
Never used web2py on Windows so I guess we have to wait for somebody
with web2pyWindows expert.
My first thought is the web2py doesn't notice/see that there exists an
es-es.py file already and copies the English over it. But that doesn't
help you very much. Sorry.
Kenneth
I don't know
I noticed in my installation of web2py the largest file (about 7MB on
my system) is a binary file in the web2py root directory named
ABOUT. What is the purpose of this file, and can it be removed? My
apps seems to run OK locally without it.
-Jim
I had the same problem as you, I think. We wrote a customized login
method, attached, to
check if the entered password was the same that was stored in the database, we
use the
http://packages.python.org/passlib/lib/passlib.hash.sha512_crypt.html.
If you wish you could write a new validator to
Hi,
In compileapp.py line 317 (compile_views) there is a regex that
matches ^[\w/]+\.\w+$, but the mobile views are called
view.mobile.html (instead of the normal view.html).
Now when you try to compile an app the mobile views are left out.
Simple solution would be to allow dots in the
If we are talking about improving security a bit, I would recommend that we
also hash passwords in the browser before sending them to the server. I just
read about this here:
http://dustwell.com/how-to-handle-passwords.html
Basically, when a user logs in, registers, or otherwise enters a
That's a LOT of stuff to document, but it's worth it. All of those great
features in just a short time. Everyone has been doing an awesome job!
Just tried to do a fresh install of GrooverWiki, the install works
fine but when I try to run it I get the following error :
Traceback (most recent call last):
File /var/web2py/gluon/restricted.py, line 192, in restricted
exec ccode in environment
File
Hello guy ,
i switched from using windows to Ubuntu , and i am trying to install
apache+python+mod_wsgi+web2py+postgresql from scratch , so i used the
one step deployment from the book:
wget http://web2py.googlecode.com/hg/scripts/setup-web2py-ubuntu.sh
chmod +x setup-web2py-ubuntu.sh
sudo
About the documentation. We add features all the time and it will take a
long time to document those in the book. Maybe we should be using something
like epydoc or sphinx to generate documentation from the code. Then we just
have to make sure we document the code properly (which we should all
My recommendation is:
install the debian package:
python-gluon
(install too python-web2py if you want to develop , if you just want
to deploy, only python-gluon is needed).
Read the /usr/share/doc/python-gluon/Readme.Debian
you'll only need to modify the name of your application path in the
scripts
On Wednesday, September 21, 2011 5:00:07 AM UTC-4, Zphen wrote:
What's wrong with v 1.100, 1.101 etc?
According to Massimo, going to a 3 digit minor version number will break the
version comparison
in older versions as well as web based upgrades.
On Wednesday, September 21, 2011 8:21:05 AM UTC-4, Ross Peoples wrote:
About the documentation. We add features all the time and it will take a
long time to document those in the book. Maybe we should be using something
like epydoc or sphinx to generate documentation from the code.
If I use SQLFORM.grid in the code below, I get an error message:
fields = reduce(lambda a,b:a+b,[[field for field in table] for table
in tables])
TypeError: reduce() of empty sequence with no initial value
If I use the 'data = ' lines using SQLFORM.smartgrid there is no problem.
query =
web2py version 1.98.2
I have a custom form on reset_password, where i want to have my own
validations on top of default validations, but reset_password_onvalidation
was not called on resetting password.
Digging into code, I observed that while fetching retrieve_password form
onvalidation is
+1
On Wednesday, September 21, 2011 2:43:20 AM UTC-4, pbreit wrote:
It might not be a bad idea to improve password handling at this time. I
think the biggest problem is that password hashes are not currently salted.
The hmac_hash function appears to take a salt but I didn't see any evidence
True, but it's not updated. That's why I was leaning more towards Sphinx.
You could document the API and the web2py book at the same time. Again,
Django's documentation is always updated when they add new features because
they add the documentation to the code and rerun Sphinx. So there's no
That's odd -- ABOUT should be a small text file containing the following:
web2py is an open source full-stack framework for agile development
of secure database-driven web-based applications, written and programmable
in
Python.
Created by Massimo Di Pierro mdipie...@cs.depaul.edu
On
Thanks, I read the text about semantic versioning but it does not
mention anything about using three digits in the minor version being a
violation. In fact, I understood that the meaning of incrementing the
major version indicates breaking backward compatibility, which would
be misleading in the
Plain WRONG. Even the guy knows it: Note that a hacker could still sniff
the hashed password going over the network, and use that hash later to send
to the server and impersonate you. But at least the hacker can't use your
real password for other purposes.
You can try with two salts. One of
On Wednesday, September 21, 2011 8:49:40 AM UTC-4, Ross Peoples wrote:
True, but it's not updated.
It appears to be updated -- it says the date it was generated is the same
date as the last release. Or do you mean that the docstrings are not always
updated? That's probably true. Anyway, in
As that thread recommends, do you have this
installed: http://sourceforge.net/projects/pywin32/?
On Wednesday, September 21, 2011 7:05:53 AM UTC-4, Samuel Mac wrote:
I don't know if it helps, but I've read this similar post this
morning:
One did happen to me, web2py running on apache, I had not given permission
and did not run ...
Apache uses to run the web2py, easy and you do not have the server q is
loading ... about postgre pyscopg2 you will need ...
*
Thanks,
Renato Fabro - @re_mf*
2011/9/21 José Luis Redrejo Rodríguez
Why not use the setup-web2py-ubuntu.sh script?
web2py/scripts/setup-web2py-ubuntu.sh
Richard
On Wed, Sep 21, 2011 at 9:28 AM, Re Fabro renato.fa...@gmail.com wrote:
One did happen to me, web2py running on apache, I had not given permission
and did not run ...
Apache uses to run the web2py,
sudo /etc/init.d/apache2 restart
Richard
On Wed, Sep 21, 2011 at 9:36 AM, Richard Vézina ml.richard.vez...@gmail.com
wrote:
Why not use the setup-web2py-ubuntu.sh script?
web2py/scripts/setup-web2py-ubuntu.sh
Richard
On Wed, Sep 21, 2011 at 9:28 AM, Re Fabro renato.fa...@gmail.com
I have also modified code in layout.html
left_sidebar_enabled = False
alternatively,
if left_sidebar_enabled and right_sidebar_enabled: width_content='10%'
(not sure if this is the correct way)
But it did not help.
Any tip on this issue?
---Vineet
On Sep 20, 7:51 pm, Vineet
On 21 September 2011 14:45, Johann Spies johann.sp...@gmail.com wrote:
query = db(db.akb_doccenter.id > 0)
Is that a bug in my code or in the trunk?
The bug was in my code: it should be:
query=(db.akb_doccenter.id>0)
Regards
Johann
--
May grace and peace be yours in abundance through the
this is wrong is not the same as field notation:
columns = [db.akb_doccenter.title, db.akb_doccenter.author,
db.akb_doccenter.publication_date,
db.akb_doccenter.doc_nr, db.akb_doccenter.location,
db.akb_doccenter.id]
must be:
columns = ['akb_doccenter.title',
That's what I thought it should be. I'm guessing I somehow made a
mistake once when tar zipping the directory and the output was stored
in ABOUT instead.
On Sep 21, 7:51 am, Anthony abasta...@gmail.com wrote:
That's odd -- ABOUT should be a small text file containing the following:
web2py is
Yes, I think the salting and hashing we're discussing is meant to protect
the passwords once on the server (i.e., if the server/database is
compromised). We'd need additional protection to protect them in transit.
Another option would be login over SSL, no?
Anthony
On Wednesday, September 21,
I am trying to include some jQuery functionality in one of the views
but can't seem to load the jQuery.js library correctly. Looking at
the internals of web2py I see a lot of jQuery calls internally but
can't seem to expose this capability in the views. Can someone show
me/explain how to write
in the view
{{extend 'layout.html'}}
<script>
$(document).ready(function () {
    // your code goes here
});
</script>
On Wed, Sep 21, 2011 at 10:34 AM, Mike Cobb mc...@cassicorp.com wrote:
I am trying to include some jQuery functionality in one of the views
but can't seem to load the
You should put the path first in layout.html
and in the same page you have to put the scripts
In views you have to do this
extend layout.html
(you have to put something else but my keyboard is not working)
On Wed, Sep 21, 2011 at 8:34 AM, Mike Cobb mc...@cassicorp.com wrote:
I am trying
what if i want to use fastCGI and postgresql and i installed
everything but how can i have a web2py folder with my app in it the
uses fCGI and Postgresql and ready to use by a python host ???
As far as I know, on Windows, web2py uses its own Python interpreter.
If I install this package, it will autodeploy all the files on my
Python 2.7 installation folder. Is there another way?
Despite that, I don't know how this package can help me in this
problem... :)
On 21 Set, 15:07, Anthony
Just try and complete to make a working installation and then try something
else... That what I suggest you.
Apache and web2py work pretty well under ubuntu and are maybe easier to
deploy because a lot of people are using this config so the installation is
automated by the script.
If as you said
The script should work. What happens when you try to access your site? Do
you get an error message?
WSGI is generally better. Why do you want to use FastCGI?
Also, sometimes when installing app into prod or staging web2py
installation applications folder you need to restart Apache to make sure
everything work correct...
Richard
On Wed, Sep 21, 2011 at 11:41 AM, Richard Vézina
ml.richard.vez...@gmail.com wrote:
Just try and complete to make a
Why double salt. That's the point of SSL. we should only be concerned with
application level details not transport
On Sep 21, 2011 10:27 AM, Anthony abasta...@gmail.com wrote:
Yes, I think the salting and hashing we're discussing is meant to protect
the passwords once on the server (i.e., if the
:-)
On Sep 21, 4:25 am, chinakr chin...@gmail.com wrote:
VCMS is a simple Content Management System developed with web2py. The
version 1.1 of VCMS released at Sep. 21st 20011. The update included:
article list pagination, RSS subscription, and query by exam date.
We enjoy developing with
I believe this is fixed in trunk and the nightly build please check
it.
On Sep 21, 7:03 am, Corne Dickens corne.dick...@gmail.com wrote:
Hi,
In compileapp.py line 317 (compile_views) there is a regex that
matches ^[\w/]+\.\w+$, but the mobile views are called
view.mobile.html (instead of the
It is a lot of stuff but it is doable in 2-3 weeks.
Massimo
On Sep 21, 7:13 am, Ross Peoples ross.peop...@gmail.com wrote:
That's a LOT of stuff to document, but it's worth it. All of those great
features in just a short time. Everyone has been doing an awesome job!
which db server?
On Sep 21, 7:19 am, Guy Nesher nesher@gmail.com wrote:
Just tried to do a fresh install of GrooverWiki, the install works
fine but when I try to run it I get the following error :
Traceback (most recent call last):
File /var/web2py/gluon/restricted.py, line 192, in
odd. Will cleanup tonight.
On Sep 21, 6:34 am, Jim Gregory bikesatw...@gmail.com wrote:
I noticed in my installation of web2py the largest file (about 7MB on
my system) is a binary file in the web2py root directory named
ABOUT. What is the purpose of this file, and can it be removed? My
What Bruno replied should work as long as your layout includes the line
{{include 'web2py_ajax.html'}}. web2py.ajax.html loads Jquery.
Hi all:
I think this topic is related with backward compatibility discussed in
another thread, but anyway.
The situation:
I've developed an app using web2py src version 1.95.1, in this app I load a
form, from the view calling web2py_component using extension .load
Something like this:
#View:
+1 for fully english demo.
Will be appreciated :)
Sending passwords over SSL should be sufficient in most cases. Hashing the
password on the client side is slightly better and would provide better
protection for those who use SSL (wouldn't want to encourage that, though).
I think the only immediate need, though, is support for per-password
That should be for those who do not use ssl.
sqlite, is that an issue ?
On Sep 21, 4:55 pm, Massimo Di Pierro massimo.dipie...@gmail.com
wrote:
which db server?
On Sep 21, 7:19 am, Guy Nesher nesher@gmail.com wrote:
Just tried to do a fresh install of GrooverWiki, the install works
fine but when I try to run it I get the
I have two drop down list. They have foreign key so they're parent-child
structure. I want user to pick category from first list, which will execute
onchange event to dynamically update second list.
So far, I can confirm onchange event is working to return a string value by
calling 'echo'
Doing as in the article above, if x compromises the server x can login since
the hashed password *are the secret* . To do things right the hash of a
secret arriving from the client must be computed every time on the server
before comparison.
SSL hides the secret so it's a good choice.
mic
You do have to decorate the functions, but I regard that as just a
part of creating the function.
*in web2py its impossible!*
Not really. You just have to supply the code. It's not trivial, but
it's not rocket science, either. Heck, there might even be a pyslice
or plugin that does the job.
Yeah, I suspect it's doing an alphabetic comparison in which case 100 is
less than 99.
Maybe this: http://dev.s-cubism.com/plugin_lazy_options_widget
On Wed, Sep 21, 2011 at 1:13 PM, Omi Chiba ochib...@gmail.com wrote:
I have two drop down list. They have foreign key so they're parent-child
structure. I want user to pick category from first list, which will execute
onchange
There's a precedent. Linux just went to 3.0 on a minor update.
https://lkml.org/lkml/2011/7/21/455
This was changed due to a security risk. You now have to explicitly enable
generic views by specifying response.generic_patterns somewhere -- it is a
list of globs matching controller/function.extension.
To enable all generic views, add this in a model file:
response.generic_patterns = ['*']
I've found the paragraph of the book, that I read when I'm saying: ...I
read somewhere in the book...
[http://www.web2py.com/book/default/chapter/13#Components]
If no .load view is specified, there is a generic.load that renders the
dictionary returned by the action without layout. It works
On Wednesday, September 21, 2011 11:57:03 AM UTC-4, Massimo Di Pierro wrote:
odd. Will cleanup tonight.
I think it's just on his system, not in the actual web2py distribution or
repo.
Anthony
I don't know what the implications are but you can adjust the left-sidebar
width in base.css:
#left_sidebar { width: 160px; float:left; display: none; }
The generic views are now disabled by default for security reasons. The
welcome scaffolding enables them automatically on local page requests
only. If you want them available in production (bad idea) you need to add a
line of code.
Here are the options:
Enabled all the time:
On Wednesday, September 21, 2011 11:07:43 AM UTC-4, Samuel Mac wrote:
As far as I know, on Windows, web2py uses its own Python interpreter.
If I install this package, it will autodeploy all the files on my
Python 2.7 installation folder. Is there another way?
If you have your own version of
Bruno:
Thanks. I was hoping it was that easy.
Mike
On 9/21/2011 9:32 AM, Bruno Rocha wrote:
in the view
{{extend 'layout.html'}}
<script>
$(document).ready(function () {
    // your code goes here
});
</script>
On Wed, Sep 21, 2011 at 10:34 AM, Mike Cobb mc...@cassicorp.com
That looks good too but I think all I need is to post 'model' or 'index'
function. I'm not familiar with jQuery but something like this...
http://api.jquery.com/jQuery.post/
Hi,
The ldap_auth module correctly auto-register the new user, but the
following fields are empty :
auth_user.first_name
auth_user.last_name
auth_user.email
Additionally, I would like to fetch some additional details from LDAP
(Active Directory) such as Manager, or phone number...
How can I
Nope,
In trunk there still is this regex match for the views.
(for models / controllers there is .+\.py, so maybe .+\.\w+ would be
better for the views?)
On 21 sep, 17:53, Massimo Di Pierro massimo.dipie...@gmail.com
wrote:
I believe this is fixed in trunk and the nightly built please check
I think if you were going to do client side hashing you would send out a
unique secret on each request. I don't think this is necessary at this
time. At least SSL gives those who want to be secure the option.
Thanks for the reply!
Very clear explanation!
So, I'll keep my .load files, for future customization of each components.
Thanks a lot!
Hey guys,
I am planning on designing a custom layout for web2py, can you guys tell me
where should I start from?
Thanks
--
*-Furqan Rauf*
*Do you love your creator? Love your fellow-beings first. -Prophet Muhammad
*
*http://www.amway.com/furqanrauf*
Well clearly I've sparked plenty of discussion. I am working on this
to fit my app need. Once I have a working model that doesn't break
other applications that use the default hashing and CRYPT functions
I'll post my work. As others have commented, the typical way for
storing the password
I am trying to implement a common login across multiple
applications.
It occurred to me that the applications needed to share the auth
tables, so I migrated from sqlite to Postgresql. The migration
appears to be working with my Purchasing application.
I pruned all the application table defs
I suspect you store something into a text field than changed the type
to blob. web2py expects blob data to be store b64encoded. If it was
stored when the field was a text, it was not encoded.
On Sep 21, 11:12 am, Guy Nesher nesher@gmail.com wrote:
sqlite, is that an issue ?
On Sep 21, 4:55
I see the need for this. I need to think bout how to do it in a
backward compatible way and in a way that works on GAE without joins.
Please open a ticket about it.
On Sep 20, 5:03 pm, António Ramos ramstei...@gmail.com wrote:
* The Web2py security methods put Notes ACL to shame?*
Can you
True. In fact 1.99 will resolve this problem but some people may jump
from 1.98 to 1.100 (pardon, 2.00) without passing through 1.99.
On Sep 21, 11:20 am, pbreit pbreitenb...@gmail.com wrote:
Yeah, I suspect it's doing an alphabetic comparison in which case 100 is
less than 99.
will fix this tonight stay tuned.
On Sep 21, 11:41 am, Corne Dickens corne.dick...@gmail.com wrote:
Nope,
In trunk there still is this regex match for the views.
(for models / controllers there is .+\.py, so maybe .+\.\w+ would be
better for the views?)
On 21 sep, 17:53, Massimo Di
Hi Omi:
I think, that you need a jQuery Load http://api.jquery.com/load/
something like
in the view:
jQuery.load( url to echo function, {params, like category id, if
necessary}, '#jquery selector of second combo' )
In the echo function:
validate that you get a valid category id
do a
<html>
<head>
{{response.files.append(URL(...))}} - Load additional css/js here
{{include 'web2py_ajax.html'}} - don't forget to include it here
</head>
<body>
<div class="container">
{{block header}}
<header> {{=response.title}} </header> - you can use blocks to create
dynamic layouts
{{end}}
{{include}} -
On Wed, Sep 21, 2011 at 2:14 PM, Cliff cjk...@gmail.com wrote:
auth.define_tables()
as you already have tables created,
you need:
auth.define_tables(migrate=False)
Using request.now is _guaranteed_ to go backwards once a year in most of
the world (when going back from daylight saving time to standard time; the
date this happens differs between countries).
request.utcnow, which I mentioned in my original post (and appears in the
readme, but for some
I've just done an hg pull -u:
changeset: 2435:8cbfa1244549
tag: tip
user:mdipierro@massimo-di-pierros-macbook-2.local
date:Wed Sep 21 00:17:23 2011 -0500
summary: sys.exit(0), thanks Praneeth
The README file mentions request.utcnow, but the code doesn't. So either