Setting filename in a response
Rather basic question. I've got to return a text file.

    response.headers['Content-Type'] = 'text/plain'
    return 'Hello, cruel world'

The dialog pops out, but the filename is obviously blank and the browser comes up with some random one. How do I set it manually?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups pylons-discuss group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en
-~--~~~~--~~--~--~---
Re: Setting filename in a response
Pavel Skvazh wrote:
> Rather basic question. I've got to return a text file.
>
>     response.headers['Content-Type'] = 'text/plain'
>     return 'Hello, cruel world'
>
> The dialog pops out, but the filename is obviously blank and the browser comes up with some random one. How do I set it manually?

    fname = "hello_world.txt"
    response.headers['Content-Disposition'] = \
        'attachment; filename=%s' % fname

Alberto
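Building the same header when the filename is not a constant, as an added example that is not part of the original thread (Python 3, standard library only). The function name `content_disposition`, its `fallback` parameter and the sample inputs are assumptions made for illustration; the header layout follows the quoted-string form plus the RFC 5987 `filename*` parameter.

```python
import re
from urllib.parse import quote

_CONTROL = re.compile(r'[\x00-\x1f\x7f]')        # includes CR and LF
_UNSAFE_ASCII = re.compile(r'[^\x20-\x7e]|["\\]')  # non-ASCII, quote, backslash


def content_disposition(filename, fallback="download"):
    """Return a Content-Disposition value for an untrusted filename."""
    # Drop CR/LF and other control characters first: a raw newline in a
    # header value would let the name start a new header line.
    name = _CONTROL.sub('', filename)
    # Keep only the last path component (both separator styles).
    name = re.split(r'[\\/]', name)[-1].strip(' .')
    if not name:
        name = fallback
    # Plain parameter: printable ASCII inside a quoted-string.
    ascii_name = _UNSAFE_ASCII.sub('_', name)
    value = 'attachment; filename="%s"' % ascii_name
    if ascii_name != name:
        # RFC 5987 extended parameter carries the exact name, percent-encoded.
        value += "; filename*=UTF-8''%s" % quote(name, safe='')
    return value


# Constructed inputs: the constant from the reply, then hostile variants.
SAMPLES = ["hello_world.txt", "report.txt\r\nSet-Cookie: sid=1",
           "../../etc/passwd", 'a"b.txt', "r\u00e9sum\u00e9.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", content_disposition(sample))
```
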
Re: Where should I put code shared by multiple controllers?
On Wed, Jul 02, 2008 at 09:45:58PM -0700, Mike Orr wrote:
> So when I needed a semi-generic auth library that uses three tables, I put the integrity-checking function in the model because it depends on several custom queries. But the main auth code, which checks the password and instantiates the User object containing the permissions, is in a lib module.

Just for an alternate perspective...

I've taken a rich-model approach. Since the model defines the objects that the application uses, it's very natural to make the objects rich by extending their business-logic functionality in the model. In my version of the above, I'd have a User object that was capable of doing something like:

    try:
        u = model.User(username, password)
    except AuthFailure:
        ...

Higher-level business logic that combines many different pieces of functionality from different model objects goes into the lib.

I've found one downside to putting more functionality inside the model code. Suppose there are two classes, model.A and model.B. If A refers to some piece of B, it's very easy to run into circular import statements. Fixing that is a bit of a headache, but I've gotten better at not doing that :)

--
Ross Vandegrift
[EMAIL PROTECTED]

The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.
    --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: Exposing database Id via URL
On Thu, Jul 3, 2008 at 7:37 PM, Krishgy [EMAIL PROTECTED] wrote:
> Currently we expose the database tables primary key value in the URL. For example, to display the User profile, I use www.example.com/profile/view/12345 where profile is my controller and view controller function and 12345 is actually user id (table: profile, column: uid).
>
> Is this recommended approach? How secure is this?

There are two issues. One, does it contain special characters (HTML/url markup, filesystem separator, etc.)? Most IDs are numeric or restricted to Python identifier characters ([A-Za-z_-]), so while you're checking it for validity you're simultaneously guaranteeing it doesn't contain troublesome characters. Numeric IDs are especially easy: 'if not id.isdigit(): abort(404, "Invalid ID")'.

The other issue is, does it matter if the public sees the ID? That depends on the application. In two apps I have running, there's nothing secret about the IDs; we don't mind if the user types the URL for convenience rather than going through all the screens and clicks. The only reason we don't promote it is users would get confused (what's this meaningless number for? does it have meaning outside your agency?) If the IDs were user-specific, such as bank account numbers, then there may be a reason to disguise them.

--
Mike Orr [EMAIL PROTECTED]
Re: Wildcard matching of '/' in the URL.
On Fri, Jul 4, 2008 at 2:29 AM, code_martial [EMAIL PROTECTED] wrote:
> Hi
>
> I have configured a URL structure in routing that looks like this:
>
>     map.connect('myapp/search/:sstring/page:page/', controller='myapp', action='search')
>
> So, for example, in the following URL: myapp/search/some%20term/page2/,
>
>     sstring = some term
>     page = 2
>
> Now the problem I face is that if the :sstring part contains a '/' somewhere, the URL turns into a 404. Is there a way to specify the route such that anything after 'myapp/search/' and up to '/page:page' gets assigned to :sstring?

That's what wildcards are for. *string. Just remember they can't be next to a variable on either side. In this case it looks like you're safe because /page is static. However, Routes 1 has some ambiguities so you'll really just have to try it and see if it works.

--
Mike Orr [EMAIL PROTECTED]
Re: Exposing database Id via URL
just some points on 'hiding' ids-

- if you're doing a social media site, with numeric ids your competitors and the annoying industry blogs will be judging and gauging your popularity and success by sequence ids
- by using the ids, you're good on a pylons app... but let's say you need to offload something onto php or another system accesses the same database -- one that is not hardened against sql injection attacks. you have now exposed your ids - which are fkeys and indexes - to the public through pylons and have a vulnerability elsewhere. the security risk might not be in pylons, but you've opened the door for abuse on your db through other apps.

our practice has needed us to ensure security to clients, and i'm sick of reading bloggers judging the success of sites based on sequence numbers and not on the spirit and activity of the active members. so we hide that, and in all companies i consult to, i insist that they hide numeric ids on everything.
routes suggestion
any chance of patching routes/base.py with this:

671,672d670 if not routename and 'name' in kargs: routename = kargs['name']

it just sets the routename to the karg 'name' if it's supplied and there's no name already specified

why? personally, i like to manage my routing.py by looking at the url paths
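Review bot: routename = kargs['name'] reads the key but leaves it in kargs, so whatever consumes kargs after this point still receives a 'name' entry; if the keyword is meant only as the route name, take it out with routename = kargs.pop('name'). Separately, the header 671,672d670 is a deletion in normal diff format, which means the two lines are removed going from the first file to the second, so the files look to have been diffed in reverse order; a unified diff from the current base.py to the modified one would show the surrounding context and be easier to review.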
Re: routes suggestion
On Fri, Jul 4, 2008 at 1:19 PM, Jonathan Vanasco [EMAIL PROTECTED] wrote:
> any chance of patching routes/base.py with this:
>
> 671,672d670 if not routename and 'name' in kargs: routename = kargs['name']
>
> it just sets the routename to the karg 'name' if it's supplied and there's no name already specified
>
> why? personally, i like to manage my routing.py by looking at the url paths

A lot of the problem is caused by the path changing position depending on whether a name is present. Routes 2 is planning a map.connect(name, path, variables=None, ...options...) syntax, which would fix their positions. Nameless routes would then have None in first position, if nameless routes are allowed at all.

Given that and other changes, and the fact that Routes' syntax is already unwieldily complex, I'm afraid a 'name' karg would be too much disruption. You could subclass the mapper and add a connect method that arranges the args as you prefer.

--
Mike Orr [EMAIL PROTECTED]
Re: Exposing database Id via URL
But how? What encryption/hashing method could be used to transform the numeric IDs to something less obvious?

Sincerely,
Jerry

On Jul 4, 2:01 pm, Jonathan Vanasco [EMAIL PROTECTED] wrote:
> just some points on 'hiding' ids-
>
> - if you're doing a social media site, with numeric ids your competitors and the annoying industry blogs will be judging and gauging your popularity and success by sequence ids
> - by using the ids, you're good on a pylons app... but let's say you need to offload something onto php or another system accesses the same database -- one that is not hardened against sql injection attacks. you have now exposed your ids - which are fkeys and indexes - to the public through pylons and have a vulnerability elsewhere. the security risk might not be in pylons, but you've opened the door for abuse on your db through other apps.
>
> our practice has needed us to ensure security to clients, and i'm sick of reading bloggers judging the success of sites based on sequence numbers and not on the spirit and activity of the active members. so we hide that, and in all companies i consult to, i insist that they hide numeric ids on everything.
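One way to keep the sequential key out of URLs without any encryption or hashing, as an added example that is not from the thread (Python 3, standard library only): give each row a random public identifier and look rows up by that. It also applies the validity check described earlier in the "Exposing database Id via URL" replies. The `profile` table and `uid` column come from the question; the `public_id` column, the function names and the sample rows are assumptions.

```python
import re
import secrets
import sqlite3

# 16 random bytes from secrets.token_urlsafe() are 22 URL-safe characters.
TOKEN_RE = re.compile(r'[A-Za-z0-9_-]{22}')


def make_db():
    """In-memory stand-in for the application's database (constructed)."""
    db = sqlite3.connect(':memory:')
    db.execute("CREATE TABLE profile ("
               "uid INTEGER PRIMARY KEY, "        # sequential, never leaves the DB
               "public_id TEXT NOT NULL UNIQUE, "  # random, the only ID in URLs
               "name TEXT NOT NULL)")
    return db


def add_profile(db, name):
    """Insert a row and return the identifier that may appear in a URL."""
    public_id = secrets.token_urlsafe(16)
    db.execute("INSERT INTO profile (public_id, name) VALUES (?, ?)",
               (public_id, name))
    return public_id


def view_profile(db, url_segment):
    """Handle /profile/view/<url_segment>; returns (status, body)."""
    # Validity check first: anything that is not a well-formed token is
    # rejected before it reaches the query, markup or a file path.
    if not TOKEN_RE.fullmatch(url_segment):
        return 404, "Invalid ID"
    row = db.execute("SELECT name FROM profile WHERE public_id = ?",
                     (url_segment,)).fetchone()
    if row is None:
        return 404, "Not found"
    return 200, row[0]


if __name__ == "__main__":
    db = make_db()
    token = add_profile(db, "alice")
    print(token, view_profile(db, token))
    print(view_profile(db, "12345"))
```

A random identifier hides row counts and ordering, but it is not an access check: pages that must be private still need their own authorization test.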
paster shell doesn't work with 0.9.7rc1dev
Hi,

I got a traceback when I was trying to enable paster shell with the development version. Any idea? Thanks.

    $ paster shell
    Traceback (most recent call last):
      File "/usr/bin/paster", line 8, in <module>
        load_entry_point('PasteScript==1.6.3', 'console_scripts', 'paster')()
      File "/usr/lib/python2.5/site-packages/PasteScript-1.6.3-py2.5.egg/paste/script/command.py", line 79, in run
        invoke(command, command_name, options, args[1:])
      File "/usr/lib/python2.5/site-packages/PasteScript-1.6.3-py2.5.egg/paste/script/command.py", line 118, in invoke
        exit_code = runner.run(args)
      File "/usr/lib/python2.5/site-packages/PasteScript-1.6.3-py2.5.egg/paste/script/command.py", line 213, in run
        result = self.command()
      File "/cygdrive/d/workspace/pylons-hg/pylons/commands.py", line 421, in command
        conf = appconfig(config_name, relative_to=here_dir)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 215, in appconfig
        global_conf=global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 248, in loadcontext
        global_conf=global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 278, in _loadconfig
        return loader.get_context(object_type, name, global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 409, in get_context
        section)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 431, in _context_from_use
        object_type, name=use, global_conf=global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 361, in get_context
        global_conf=global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 248, in loadcontext
        global_conf=global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 285, in _loadegg
        return loader.get_context(object_type, name, global_conf)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 561, in get_context
        object_type, name=name)
      File "/usr/lib/python2.5/site-packages/PasteDeploy-1.3.2-py2.5.egg/paste/deploy/loadwsgi.py", line 587, in find_egg_entry_point
        possible.append((entry.load(), protocol, entry.name))
      File "/usr/lib/python2.5/site-packages/setuptools-0.6c8-py2.5.egg/pkg_resources.py", line 1912, in load
      File "/usr/lib/python2.5/site-packages/Myghty-1.1-py2.5.egg/myghty/importer.py", line 54, in import_module
        return builtin_importer(name, globals, locals, fromlist)
      File "/cygdrive/d/workspace/tamama/tamama/config/middleware.py", line 4, in <module>
        from beaker.middleware import CacheMiddleware, SessionMiddleware
      File "/usr/lib/python2.5/site-packages/Myghty-1.1-py2.5.egg/myghty/importer.py", line 54, in import_module
        return builtin_importer(name, globals, locals, fromlist)
      File "/usr/lib/python2.5/site-packages/Beaker-0.9.5-py2.5.egg/beaker/middleware.py", line 12, in <module>
        from beaker.cache import CacheManager
      File "/usr/lib/python2.5/site-packages/Myghty-1.1-py2.5.egg/myghty/importer.py", line 54, in import_module
        return builtin_importer(name, globals, locals, fromlist)
      File "/usr/lib/python2.5/site-packages/Beaker-0.9.5-py2.5.egg/beaker/cache.py", line 32, in <module>
        import beaker.ext.google as google
      File "/usr/lib/python2.5/site-packages/Myghty-1.1-py2.5.egg/myghty/importer.py", line 54, in import_module
        return builtin_importer(name, globals, locals, fromlist)
      File "/usr/lib/python2.5/site-packages/Beaker-0.9.5-py2.5.egg/beaker/ext/google.py", line 1, in <module>
        from __future__ import absolute_import
    TypeError: import_module() takes at most 4 arguments (5 given)