It's not a real debugger; it just shows tracebacks to the user. I don't have any numbers about the overhead. My guess is it's negligible relative to IO.
On Mon, Sep 13, 2010 at 8:14 PM, Harshal <[email protected]> wrote: > Thanks Ikai for that. Do you also have any stats on what is the performance > overhead if the debugger is left on? > > > > On Tue, Sep 14, 2010 at 3:24 AM, Ikai Lan (Google) < > [email protected] <ikai.l%[email protected]>> wrote: > >> Hey everyone, >> >> I just wanted to do a quick post to remind everyone writing Python >> applications that you'll probably want to turn Debug mode off when you >> deploy your applications. This code snippet that ships with Webapp: >> >> application = webapp.WSGIApplication([ >> ('/', MainPage) >> ], debug=True) >> >> ... should look like this before deployment: >> >> application = webapp.WSGIApplication([ >> ('/', MainPage) >> ]) >> >> (You can also explicitly set debug=False, but this is a default value) >> >> Most of the time, forgetting to do this is pretty harmless. However, by >> not turning the debug flag off, you risk exposing possible sensitive keys or >> information to an end user looking at your site from a web view. Consider >> the following micro application: >> >> http://pastie.org/1156814 >> >> If we leave the debug flag set to true and the exception is raised, we get >> a traceback that looks like this: >> >> Traceback (most recent call last): >> File >> "/Users/ikai/Library/appengine/google_appengine_1_3_5/google/appengine/ext/webapp/__init__.py", >> line 511, in __call__ >> handler.get(*groups) >> File "/Users/ikai/Documents/python/exporesource/main.py", line 21, in get >> wrapper(True) >> File "/Users/ikai/Documents/python/exporesource/main.py", line 16, in >> wrapper >> sensitive("[email protected]", "password", throws_exception) >> File "/Users/ikai/Documents/python/exporesource/main.py", line 11, in >> sensitive >> raise CrazyException() >> CrazyException >> >> >> Oops, we just exposed a password. This behavior is documented here: >> >> >> http://code.google.com/appengine/docs/python/tools/webapp/wsgiapplicationclass.html >> >> It's fairly unlikely you'll have plaintext strings in your code like in >> the example, but it definitely does happen ( >> http://news.ycombinator.com/item?id=1685615). We'll update the docs to be >> more explicit about this behavior, but in the meantime, we've just decided >> to post in the groups to let everyone know. >> >> >> -- >> Ikai Lan >> Developer Programs Engineer, Google App Engine >> Blog: http://googleappengine.blogspot.com >> Twitter: http://twitter.com/app_engine >> Reddit: http://www.reddit.com/r/appengine >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<google-appengine%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
