Re: Hint: In case you are looking for button_to_remote
On Sun, 2008-02-17 at 13:06 -0800, Eric Ongerth wrote:
> So, you're thinking, OK, we have link_to_remote, which is what I've already used successfully to get one of my controllers to send back some text into my div, AJAX-style. Therefore why no button_to_remote? Why can I only do this with a plain text link and not with a stylish button?

Or just use CSS to style the link to look like a button? Lots of people do this anyway since styling buttons isn't well supported across browsers.

Cliff

--
You received this message because you are subscribed to the Google Groups pylons-discuss group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en
Re: Authorize and Authentication with pylons
Chris AtLee wrote:
> You can check it out here: http://atlee.ca/software/sentry

Can't say that seeing the HTTP Basic example gave me much confidence. You might want to re-read that section.

Don't take this very personally; I prefer to use security software created by nitpickers, if you see what I mean.
Re: Pylons, sqlalchemy db awareness
Just noticed this not responded topic... maybe I can still help..

The Pylons session (nor even Java/Hibernate) DOES NOT have any knowledge of any parallel changes to underlying database that you use. So you
a) shouldn't do concurrent modifications on database
b) if you have to, then like you suggested: poll some DB info with some frequency.

T.

On Nov 10, 2007 9:13 AM, kettle [EMAIL PROTECTED] wrote:
> Maybe I can rephrase this more simply. I want to know if my pylons/sqlalchemy session has realtime knowledge of the database it is working with, or if the only way to achieve this is through a stored procedure or constant polling.
>
> -joe
>
> On Nov 10, 4:57 pm, kettle [EMAIL PROTECTED] wrote:
> > Hi, I am new to pylons/sqlalchemy, and not sure whether this question belongs in a sqlalchemy forum or this pylons forum but... basically I'd like to know what kind of awareness the sqlalchemy model for my pylons application has of the database. Specifically, does it have any kind of realtime knowledge of the database with regard to table updates or row insertions? If I want to know about updates to the database (many of which are coming from remote clients) and convey this information or log it in my pylons application, is there any way to do this without constantly polling the database, and if possible, also without implementing a trigger in the db, or an in memory copy of the latest updates/insertions? If sqlalchemy already has this awareness, how can I access it/leverage it for my application?
> >
> > -joe

--
_i__'simplicity_is_the_key'__tomasz_nazar
_ii'i_am_concern_oriented'JKM-UPR
_iii__'patsystem.sf.net'___linux_user
_'aspectized.com'___prevayler
Re: Authorize and Authentication with pylons
Ah, fooled again by the Reply-To:. What was meant as a very fast and private nitpick got to the list; sorry about that.

Chris AtLee wrote:
> Luis Bruno wrote:
> > I prefer to use security software created by nitpickers, if you see what I mean.
>
> I don't quite understand what you mean.

You forgot something here (I'm on nitpicker duty here):

    QWxhZGRpbjpvcGVuIHNlc2FtZQ==.split(:)
    ['Aladdin', 'open sesame']

> I didn't invent the HTTP Basic authentication encoding. Sentry's goal is to provide the glue between the authentication information sent by the browser, and whatever backend you want to use.

And I'm looking for another backend.

Since this all got public, let me praise you on the simple-but-true description of HTTP Digest.
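Added example, not part of the original messages and not Sentry's code: a parser for the HTTP Basic `Authorization` header value, using the token quoted in the message above. It shows that the token is only base64-encoded (anyone who sees the header recovers the password), that it must be decoded before splitting, and that the split is on the first colon only. The function names `encode_basic` and `parse_basic` are hypothetical.

```python
import base64


def encode_basic(username, password):
    """Build the header value a browser sends (helper for the samples below)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic(header_value):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = (header_value or "").strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # Decode first; validate=True rejects characters outside base64.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: a password may itself contain colons.
    username, colon, password = decoded.partition(":")
    if not colon:
        return None
    return username, password


if __name__ == "__main__":
    # Constructed sample inputs; the first token is the one quoted in the thread.
    samples = [
        "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
        encode_basic("alice", "pa:ss:word"),
        "Basic not-base64!",
        "Digest username=alice",
    ]
    for value in samples:
        print(repr(value), "->", parse_basic(value))
```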
Re: Authorize and Authentication with pylons
On Feb 18, 2008 12:27 PM, Luis Bruno [EMAIL PROTECTED] wrote:
> Chris AtLee wrote:
> > You can check it out here: http://atlee.ca/software/sentry
>
> Can't say that seeing the HTTP Basic example gave me much confidence. You might want to re-read that section.
>
> Don't take this very personally; I prefer to use security software created by nitpickers, if you see what I mean.

I don't quite understand what you mean. The HTTP Basic example explains how the standard (RFC 2617) HTTP Basic authentication works, and as you can see it's very insecure. Is this what you were referring to?

I didn't invent the HTTP Basic authentication encoding. Sentry's goal is to provide the glue between the authentication information sent by the browser, and whatever backend you want to use. So this includes Basic HTTP authentication.

Hope this helps,
Chris
Re: Hint: In case you are looking for button_to_remote
That's a handy suggestion. The point of my post was in another direction: that at least some of the possible situations in which you might find yourself wishing for a button_to_remote helper are actually clues that you're trying to do something the hard way. That was exactly the case in my situation, where I was trying to accomplish something with two round trips from view to controller and back which I could have done directly in the view, using the combination of button_to_function and update_element_function.

That's trivial to those with more experience, but others whose search results lead them to read this thread might be just as early in the process of grasping AJAX as I was yesterday.

Thanks for the CSS idea too.

On Feb 18, 9:38 am, Cliff Wells [EMAIL PROTECTED] wrote:
> On Sun, 2008-02-17 at 13:06 -0800, Eric Ongerth wrote:
> > So, you're thinking, OK, we have link_to_remote, which is what I've already used successfully to get one of my controllers to send back some text into my div, AJAX-style. Therefore why no button_to_remote? Why can I only do this with a plain text link and not with a stylish button?
>
> Or just use CSS to style the link to look like a button? Lots of people do this anyway since styling buttons isn't well supported across browsers.
>
> Cliff
Re: Is it possible to steal the session in Pylons?
On Feb 18, 2008 4:35 PM, Ben Bangert [EMAIL PROTECTED] wrote:
> On Feb 17, 2008, at 3:59 AM, Leo wrote:
> > So, subj. If someone steals the session id from cookies, will he be able to use it?
>
> As with every other website out there yes. Only using IP-based restrictions will help, but there's still quite a few people behind proxies, though nowhere near as many since ppl appear to be bailing on AOL finally.
>
> I have it on my todo list to add IP restrictions to sessions, but I should mention that ppl can hijack Google sessions as easily as any others, and they do.
>
> Generally, if you care a lot about security, use separate 'secure-only' cookies on SSL for sections that are critical, and just a more basic, less secure cookie for the rest of the site (assuming there is a less secure section to the site).

I change IP addresses all of the time e.g. work, home, cafe wireless, 3G wireless card, etc. If I had to re-login to all of the web apps I use any time I open my laptop it would be pretty annoying.

We don't really have this problem because we use SSL for any part of our app that has a login cookie, so it's non-trivial to sniff cookies.

-bob
Re: Is it possible to steal the session in Pylons?
Yes, the fact that AOL customers have their ip addresses change every couple minutes is really annoying ... although, the first 3 parts of a 4-part ip address remain the same even for AOL customers, so you can do a partial ip-check for everyone.

On Feb 18, 2008 4:35 PM, Ben Bangert [EMAIL PROTECTED] wrote:
> On Feb 17, 2008, at 3:59 AM, Leo wrote:
> > So, subj. If someone steals the session id from cookies, will he be able to use it?
>
> As with every other website out there yes. Only using IP-based restrictions will help, but there's still quite a few people behind proxies, though nowhere near as many since ppl appear to be bailing on AOL finally.
>
> I have it on my todo list to add IP restrictions to sessions, but I should mention that ppl can hijack Google sessions as easily as any others, and they do.
>
> Generally, if you care a lot about security, use separate 'secure-only' cookies on SSL for sections that are critical, and just a more basic, less secure cookie for the rest of the site (assuming there is a less secure section to the site).
>
> Cheers,
> Ben
Re: Is it possible to steal the session in Pylons?
On Feb 17, 2008, at 3:59 AM, Leo wrote:
> So, subj. If someone steals the session id from cookies, will he be able to use it?

As with every other website out there yes. Only using IP-based restrictions will help, but there's still quite a few people behind proxies, though nowhere near as many since ppl appear to be bailing on AOL finally.

I have it on my todo list to add IP restrictions to sessions, but I should mention that ppl can hijack Google sessions as easily as any others, and they do.

Generally, if you care a lot about security, use separate 'secure-only' cookies on SSL for sections that are critical, and just a more basic, less secure cookie for the rest of the site (assuming there is a less secure section to the site).

Cheers,
Ben
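Added example, not from the thread and not Pylons or Beaker code: the two measures discussed in the messages above, a partial IP check on the first three octets and a separate Secure cookie for critical sections, written as plain Python. All function names, the /64 prefix used for IPv6 and the HttpOnly flag are assumptions made for this example.

```python
import ipaddress
from http.cookies import SimpleCookie


def network_key(ip_text, v4_prefix=24, v6_prefix=64):
    """Reduce an address to its network: the first 3 octets for IPv4 (/24)."""
    ip = ipaddress.ip_address(ip_text)
    prefix = v4_prefix if ip.version == 4 else v6_prefix  # /64 is an assumption
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def new_session(session_id, client_ip):
    """Record the client's network when the session is created at login."""
    return {"id": session_id, "net": network_key(client_ip)}


def check_request(session, client_ip, is_https, critical):
    """Return 'allow' or 'reauth' for a request presenting this session's id."""
    if critical and not is_https:
        return "reauth"  # critical sections are served over SSL only
    try:
        same_network = session["net"] == network_key(client_ip)
    except ValueError:  # unparsable client address
        return "reauth"
    # A roaming user (home, work, cafe) lands here too, so ask for the
    # password again instead of treating the mismatch as an attack.
    return "allow" if same_network else "reauth"


def secure_cookie_header(name, value):
    """Set-Cookie value for the critical-section cookie."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["secure"] = True    # only ever sent over HTTPS
    cookie[name]["httponly"] = True  # not in the thread: hides it from scripts
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


if __name__ == "__main__":
    # Constructed sample: documentation addresses and a made-up session id.
    s = new_session("3f9a-constructed", "203.0.113.57")
    print(check_request(s, "203.0.113.200", True, True))   # same /24
    print(check_request(s, "198.51.100.7", True, True))    # different network
    print(secure_cookie_header("auth", s["id"]))
```

The partial check narrows where a copied session id can be replayed from but does not stop a client on the same network, which is why the cookie for critical sections is also restricted to HTTPS.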
Re: Store Mako templates in database
Finally, I made render_string() as follows:
http://d.hatena.ne.jp/pyxis-dev/20080219

Junya Hayashi

On Feb 14, 8:45 am, junya [EMAIL PROTECTED] wrote:
> Hi,
>
> Thanks Mike. I took things too seriously, and missed the meaning of Buffet. I'll define custom render() without Buffet.
>
> I was thinking of providing same configuration to db stored templates as one of in file system. Inheritances and includes are also required. But configure options are available in pylons.config or environ, so I'll use them.
>
> Thanks a lot !
>
> Junya Hayashi
>
> > There's no reason you have to use Buffet. Its purpose is to hide the differences between template engines for simple cases. But if you want to use extra features of a particular engine, you can just use the engine in its native manner, or write your own render function. The latter would be more convenient. You can define render() in environment.py to get the options, and import it into your controllers, or stick it into pylons.g.
> >
> > Since you're getting the templates from a database you won't need TemplateLookup except for inheritance and includes. You can create your own TemplateLookup with whatever options you want, or look through pylons.templating and pylons.wsgiapp and imitate how it discovers options for Mako.
> >
> > The next version of Buffet and its plugins will change significantly, so I wouldn't spend much time looking closely at the code or calling internal methods, because those will all change.
> >
> > --
> > Mike Orr [EMAIL PROTECTED]
Re: A few question about Making a Pylons Blog tutorial
On Feb 16, 2008 5:29 AM, John Smith [EMAIL PROTECTED] wrote:
> * Step 1.3 - Models and Data
> ** Typo?
> Put this in the [app:man] section. should be Put this in the [app:main] section.

Typo. Fixed.

> ** Unicode
> Because databases cannot store Unicode directly, the sqlalchemy.convert_unicode option makes SQLAlchemy convert String columns to UTF-8 on write, and back to Unicode on read. Otherwise you'd get str strings containing whatever's in the database verbatim. (This is preferred over MySQL's ?use_unicode=1 option because it's database neutral.)
>
> I think the word Unicode here means probably UTF-16, Python's internal encoding. The sentence databases cannot store Unicode directly... made me wonder, thinking What? RDBMSs I know all support Unicode! IMHO, this part could be clearer by explicitly distinguishing python's unicode from UTF-8.

It's different ways of saying the same thing. I don't know which is better. RDBMS's could store Unicode as an array of integers, but instead they store it as an encoded byte string. I believe Python uses UCS-16 or UCS-32, not UTF-16, but you're not supposed to know that. You're supposed to treat Unicode as an opaque type.

> ** Where to put engine_from_config
> And append this to the load_environment function: should be And append this to *the end* of the load_environment function: (After # CONFIGURATION OPTIONS HERE might be better)

Again, different ways of saying the same thing. I changed it to Put this at the end of your load_environment function.

> ** Where's init_app?
> Why is some code in init_app and other code isn't? init_app is not mentioned until now. (I first thought this is a typo of init_model) Why is some code in init_app in config/environment.py and other code isn't? would be nice.

It does mean init_model. init_app was an earlier name for that function. Fixed.

> ** What is websetup.py?
> I could not understand what websetup.py is for. Please add some explanation on this.

websetup.py is called by paster setup-app. I don't see how to put an explanation in without making it too verbose, since paster setup-app is not introduced until later.

> * Step 4.2 - Adding Content
> ** Path to site.html
> ~/MyBlog/myblog/templates/toolkit/index.html
> ~/MyBlog/myblog/templates/toolkit/add.html
> The path to the site.html written in above two files should be '/blog/site.html', not '/site.html'

Fixed.

--
Mike Orr [EMAIL PROTECTED]