[web2py] Re: Compute return only the last result

[Dave S]

On Thursday, February 25, 2016 at 5:45:57 AM UTC-8, Gael Princivalle wrote:
>
> Hello all.
>
> I use this function for resizing images for full size and thumbnails:
>
> def SMARTHUMB(image, box, fit=True, name="thumb"):
> #Downsample the image.
> #@param img: Image -  an Image-object
> #@param box: tuple(x, y) - the bounding box of the result image
> #@param fit: boolean - crop the image to fill the box
> if image:
> request = current.request
> img = Image.open(request.folder + 'uploads/' + image)
> #preresize image with factor 2, 4, 8 and fast algorithm
> factor = 1
> while img.size[0] / factor > 2 * box[0] and img.size[1] * 2 / 
> factor > 2 * box[1]:
> factor *= 2
> if factor > 1:
> img.thumbnail((img.size[0] / factor, img.size[1] / factor), 
> Image.NEAREST)
>
> #calculate the cropping box and get the cropped part
> if fit:
> x1 = y1 = 0
> x2, y2 = img.size
> wRatio = 1.0 * x2 / box[0]
> hRatio = 1.0 * y2 / box[1]
> if hRatio > wRatio:
> y1 = int(y2 / 2 - box[1] * wRatio / 2)
> y2 = int(y2 / 2 + box[1] * wRatio / 2)
> else:
> x1 = int(x2 / 2 - box[0] * hRatio / 2)
> x2 = int(x2 / 2 + box[0] * hRatio / 2)
> img = img.crop((x1, y1, x2, y2))
>
> #Resize the image with best quality algorithm ANTI-ALIAS
> img.thumbnail(box, Image.ANTIALIAS)
>
> root, ext = os.path.splitext(image)
> thumb = '%s_%s%s' % (root, name, ext)
> img.save(request.folder + 'uploads/' + thumb)
> return thumb
>
> In the db:
> db.define_table('news',
> Field('title', type='string'),
> Field('image', 'upload'),
> Field('image_thumb', 'upload'),
> Field('image_big', 'upload'))
>
> box_thumb = (270, 158)
> db.news.image_thumb.compute = lambda row: SMARTHUMB(row.image, box_thumb)
> box_big = (770, 435)
> db.news.image_big.compute = lambda row: SMARTHUMB(row.image, box_big)
>
> The problem is that image_thumb have the same size as image_big.
>
> Someone know why?
>
> Thanks, regards.
>

Is it because you don't override the name parameter, so your thumb file 
gets over-written by the big file?

/dps
 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: WinINet and basic auth

[Dave S]

On Thursday, February 25, 2016 at 5:25:26 AM UTC-8, Niphlod wrote:
>
> oddly enough there's a "libcurl vs wininet" page on curl's site ...
>
> https://curl.haxx.se/libcurl/wininet.html
>
>
Oddly enough, nothing there was particularly surprising.

/dps
 

>
>
> On Thursday, February 25, 2016 at 10:19:41 AM UTC+1, Dave S wrote:
>>
>> On Thursday, February 25, 2016 at 12:12:28 AM UTC-8, Niphlod wrote:
>>>
>>> if wininet can't do basic auth, is it web2py's fault ?!?!?!
>>> curl is available also on windows :-P and it's pretty much the de-facto 
>>> reference. if it works with curl but not with wininet, it's wininet fault.
>>>
>>
>> So it seems.
>>  
>>
>>>
>>> as for digest auth, no, web2py doesn't support it out of the box.
>>>
>>>
>> Alas.
>>
>> /dps
>>  
>>
>>> On Thursday, February 25, 2016 at 1:06:20 AM UTC+1, Dave S wrote:



 On Tuesday, February 23, 2016 at 12:39:27 PM UTC-8, Dave S wrote:
>
> I'm trying to use Basic Auth with my restful service; see
>  http://web2py.com/books/default/chapter/29/10/services#Access-Control)
> for my starting point, although I'm doing a post.
>


 Also, does Web2Py support Digest auth?
 

 /dps
  

>
> curl --request POST -TransferEncoding C:\dir1\test1.txt --user 
> us...@servery.com:pwd1 http:
> //ww.zz.uu.39/uploader/default/shove/upstuff/ 
> 
> test1.txt
>
> This works fine from the command line (centos or Win7, as long as curl 
> is installed).
>
> And I successfully used this with libcurl in my Windows test client ("
> us...@servery.com" --> "user%40servery.com").  Tcpdump on the server 
> shows the u/p fields moved to an "Authorization:" header (Basic).
>
> When I try this from WinINet functions, the u/p stuff in the URL is 
> stripped but no "Authorization:" header is added.  Setting the u/p in 
> *InternetConnect()* seems to be ignored.  As a result, I get back a 
> 303 redirecting to the login page.  (I'm using shake-the-box Rocket 
> server 
> for prototyping, though I plan to move to nginx later.)
> This MS page suggests that WinINet is expecting a 401, although it 
> isn't clear that applies to Basic Auth or just challenge-response 
> authentication.
>  https://msdn.microsoft.com/en-us/library/windows/desktop/aa384220%28v=vs.85%29.aspx
> >
>
> Some StackOverflow hits suggest that I need to prepare the Basic Auth 
> header myself and use the* lpszHeaders* parameter of* 
> HttpSendRequest()*.  Is that my only choice, or am I missing 
> something?
>
> Thanks.
>
> Dave
> /dps
>
>
>
>
>  
>


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: SQLFORM.factory upload field can't show link

[killzane]

This is the code in my controller
form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), db.
project, table_name='project',upload=URL('download'))

for t in db.project:
query = (t.id == request.vars.id) 
__copydata(db(query).select(limitby=(0,1)).first(), form.vars, t.fields)

and this is in view
{{=form}}



Anthony於 2016年2月26日星期五 UTC+8上午12時19分03秒寫道：
>
> Can you show the code you are using to edit an existing record via 
> SQLFORM.factory?
>
> On Thursday, February 25, 2016 at 10:50:12 AM UTC-5, killzane wrote:
>>
>> Yes, I mean when I want to edit an existing record, there are no link. 
>> But I can find the file when use appadmin.
>>
>> Anthony於 2016年2月25日星期四 UTC+8下午10時41分32秒寫道：
>>>
>>> There should only be a file link if you are editing an existing record 
>>> (with an existing file). If you are displaying a "create" form, to what 
>>> file would you expect such a link to point?
>>>
>>> Anthony
>>>
>>> On Thursday, February 25, 2016 at 4:19:10 AM UTC-5, killzane wrote:

 This is my code
 form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), 
 db.project, table_name='project',upload=URL('download'))

 And here is my db.py about upload field
 Field('project_pdf', 'upload', label='Project PDF', comment='', 
 uploadfolder='app/uploads'),

 When I use web2py's appadmin I can see the link like this picture


 



 but in my view I use 
 {{=form}}

 There are only choose file but not file link

 how could I do for it?

>>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: IMPORTANT - WEB2PY CONSULTING

[Rene Dohmen]

Hi Massimo,

you could remove me from the list: Formatics.nl
I still notice a lot of doublures on the current list.

Cheers,

Rene

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Anthony]

> Perhaps the question was ill posed, but not knowing the true role of wsgi 
> I don't know how I could have posted it differently.
>

I'd say if you don't really have an understanding of an issue, avoid 
definitive sensational headlines like "Preventing hackers from exploiting 
web2py with wsgi", as that makes it sound like this is a proven exploit in 
need of prevention. Instead, maybe something like, "Question about possible 
WSGI security issue." The reason for aiming to be more circumspect is that 
this is a public forum, and so anything negative posted here, even if 
untrue or misinformed, can quickly spread as FUD on the internets.

Also, it sounds like you believe you might be experiencing a current 
exploit. If that's the case, it would be better to present details and 
evidence about your concern.

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: How to install web2py on CentOS 6.5 with Apache?

[Fabiano Almeida]

thanks Esau!

2016-02-24 19:48 GMT-03:00 Esau Hernandez Valles :

> I prefer web2py nginx on Centos.  I think this combination is better.
>
> check this link
> http://mwiki.yyovkov.net/index.php/Install_Web2py_on_CentOS_6
>
> On DigitalOcean there are a lot of tutorial. Only You have to sign-in.
>
> I think You have to checkscripts/setup-web2py-centos7.sh
>
> good lock
>
>
> El viernes, 19 de febrero de 2016, 9:48:59 (UTC-5), Fabiano Almeida
> escribió:
>>
>> Hi all,
>>
>> How to install web2py on CentOS 6.5 with Apache?
>>
>> Tks!
>>
>> Fabiano.
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Anthony]

> Perhaps the question was ill posed, but not knowing the true role of wsgi 
> I don't know how I could have posted it differently. Still, as I said, I 
> was recommended not to use wsgi and also not to use php. I was quite 
> surprised of being given such advice, but it was nonetheless what I got.
>

Do you have any details from the conversation -- i.e., what you asked and 
what they said exactly? It's possible they don't really know what they're 
talking about (or misunderstood your setup or question).
 

> Having primarily used php and web2py for web develoment, is the reason for 
> why I use apache in the first place.
>

Note, at least for Python web apps, the preferred deployment setup is now 
Nginx+uWSGI.

That being said, and taking your points into account for later, the problem 
> at hand for now is an exploit sending requests from the server. I'm not 
> sure if it has to with web2py, but I'm looking for tips for what could be 
> sending these requests. It is a third party that is doing it.
>

Are you experiencing a current potential exploit? If so, what is the 
evidence? Have you seen https://wiki.apache.org/httpd/ProxyAbuse?

As noted at that link, if you are seeing logs with GET requests to external 
sites with 200 response codes, that doesn't necessarily mean Apache proxied 
the requests to the external sites -- it just means that Apache returned 
*some* response (assuming you have disabled mod_proxy or have it configured 
securely, it would just respond with the default page of your default 
virtual host). In short, your logs might reflect completely normal behavior.

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Niphlod]

np, sorry for any induced confusion.

now that we established boundaries, and taking into account that actual 
people told you to avoid php in the same discussion, I think that those 
people should now elaborate what's the real anger against php and python, 
which, BTW, are the "language of choice" of several VERY BIG players in the 
web department. Frankly speaking though, noone of those players are running 
either php or python behind apache.

I'm curious about your last comma though. Are we talking about a "potential 
vulnerability" (which I'm not aware of for recent builds of mod_wsgi) or 
something you faced in your production enviroment ?

/closely offtopic but still related/ : choosing apache "because I use 
mainly php and web2py for web development" is all kinds of funny because 
you can actually ditch apache in favour of nginx without any particular 
issue. 

On Thursday, February 25, 2016 at 6:56:36 PM UTC+1, Robin Manoli wrote:
>
> Thanks for your elaborate reply Niphlod.
>
> Perhaps the question was ill posed, but not knowing the true role of wsgi 
> I don't know how I could have posted it differently. Still, as I said, I 
> was recommended not to use wsgi and also not to use php. I was quite 
> surprised of being given such advice, but it was nonetheless what I got.
>
> Having primarily used php and web2py for web develoment, is the reason for 
> why I use apache in the first place.
>
> That being said, and taking your points into account for later, the 
> problem at hand for now is an exploit sending requests from the server. I'm 
> not sure if it has to with web2py, but I'm looking for tips for what could 
> be sending these requests. It is a third party that is doing it.
>
>>
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Robin Manoli]

Thanks for your elaborate reply Niphlod.

Perhaps the question was ill posed, but not knowing the true role of wsgi I 
don't know how I could have posted it differently. Still, as I said, I was 
recommended not to use wsgi and also not to use php. I was quite surprised 
of being given such advice, but it was nonetheless what I got.

Having primarily used php and web2py for web develoment, is the reason for 
why I use apache in the first place.

That being said, and taking your points into account for later, the problem 
at hand for now is an exploit sending requests from the server. I'm not 
sure if it has to with web2py, but I'm looking for tips for what could be 
sending these requests. It is a third party that is doing it.

Den torsdag 25 februari 2016 kl. 15:57:08 UTC+2 skrev Niphlod:
>
> didn't mean to startle anyone  amusement is personal entertainment, 
> meant as "if you want to try facing the hige problem by yourself and you 
> are willing to read through tons of docs".
>
> that being said IMHO the question was/is ill posed. "wsgi" (no *U*wsgi, 
> no *MOD_*wsgi) is just a spec. Anyone telling "you can't use wsgi because 
> it's not safe" is basically telling you NOT to use python for web 
> development, because it's really the only standard out there for python 
> apps.
>
> in your "quoted parenthesis" 
>
>
> * (which means not using web2py with apache)*
>
> you probably pointed out a reference to running wsgi under apache  
> that is mod_wsgi. Now, mod_wsgi works. It has some configuration parameters 
> that are hard to fine tune, but unrelated to security. As Kiran pointed 
> out, there are multiple CVEs affecting it.
> We, as web2py-developers, don't "block" any deployment method. Web2py 
> exposes a wsgi interface, and provides adapters for cgi, fastcgi, scgi and 
> wsgi protocols. You can deploy web2py also behind a reverse proxy using the 
> included webservers. This translates to "pretty much everywhere and behind 
> anything".
>
> However we, as "support people", often see lots of users facing really 
> weird issues deploying web2py with mod_wsgi under apache, and since there 
> are alternatives that are far superior, with less headaches, less resource 
> hungry, more scalable and with less security concerns, "encourage" dropping 
> apache+mod_wsgi architectures in favour of nginx+uwsgi ones.
> Apache in production DEFINITELY suffers a very simple DdOS attach known as 
> slowloris, that anyone knows, it's easy to do from any home internet 
> connection and that can be mitigated only if you put something in FRONT of 
> it. Why don't just drop apache alltogether ?
>
> In the end, web2py "should" be run under apache only and only if apache is 
> a requirement itself (e.g. it runs other applications written in other 
> programming languages).
>
> That being said, if you can point out the full extent of your chat we'll 
> probably be able to pinpoint the scary part and address your concerns. 
> If the problem is really "how can I prevent my web2py app to send GET 
> requests to other domains" the reply is simply "don't issue requests to 
> other domains". But that would be true indipendently from the webserver of 
> your choice.
> If the problem is, on the other end, "I've been told that mod_wsgi can be 
> exploited if not properly tuned, regardless of the underlying python app ", 
> once again, options are (from safer to less safer) 
> :
> - consider something else than apache
> - call an expert to fix apache and mod_wsgi
> - reading through mod_wsgi docs, mailing list and CVEs and pinpoint the 
> needed fix
>
>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: SQLFORM.factory upload field can't show link

[Anthony]

Can you show the code you are using to edit an existing record via 
SQLFORM.factory?

On Thursday, February 25, 2016 at 10:50:12 AM UTC-5, killzane wrote:
>
> Yes, I mean when I want to edit an existing record, there are no link. 
> But I can find the file when use appadmin.
>
> Anthony於 2016年2月25日星期四 UTC+8下午10時41分32秒寫道：
>>
>> There should only be a file link if you are editing an existing record 
>> (with an existing file). If you are displaying a "create" form, to what 
>> file would you expect such a link to point?
>>
>> Anthony
>>
>> On Thursday, February 25, 2016 at 4:19:10 AM UTC-5, killzane wrote:
>>>
>>> This is my code
>>> form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), 
>>> db.project, table_name='project',upload=URL('download'))
>>>
>>> And here is my db.py about upload field
>>> Field('project_pdf', 'upload', label='Project PDF', comment='', 
>>> uploadfolder='app/uploads'),
>>>
>>> When I use web2py's appadmin I can see the link like this picture
>>>
>>>
>>> 
>>>
>>>
>>>
>>> but in my view I use 
>>> {{=form}}
>>>
>>> There are only choose file but not file link
>>>
>>> how could I do for it?
>>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] conflict with JQuery using multiple upload

[Ron Chatterjee]

I am looking at the link you send me. How do I make it work with web2py? 
What's my model file and controller?

On Wednesday, February 24, 2016 at 11:58:23 PM UTC-5, Ron Chatterjee wrote:
>
> On the high side, could have been worst. lol. Anyway, well. thanks Richard 
> for taking your time on this. 
>
>
>
> On Wednesday, February 24, 2016 at 11:55:05 PM UTC-5, Ron Chatterjee wrote:
>>
>> Seems to be little overkill with all that code in the view! lol. Anyway, 
>> here is the app that demonstrates the conflict.
>>
>> Model:
>> db.define_table('mytable',
>> Field('name', type='list:string', requires=IS_IN_SET 
>> (('True','False', 'Neither'), multiple=True)))
>>
>>
>> *View (default/main_page.html):*
>> {{extend 'layout.html'}}
>>
>> 
>> {{=BUTTON( 'Apply',_type="button",_class = "btn btn-default",_onclick=""" 
>> $('#cont_id').modal('show')   """)}}
>> Apply to see the modal
>> 
>> {{=main_pg}}
>>
>>
>> 
>> jQuery(document).ready(function() {
>>   var uploader = new qq.FileUploader({
>> // pass the dom node (ex. jQuery(selector)[0] for jQuery users)
>> element: document.getElementById('project-file-uploader'),
>> // path to server-side upload script
>> action: '{{=URL("upload_callback")}}/{{=request.args(0)}}',
>> sizeLimit: 15000,
>> minSizeLimit: 0,
>> allowedExtensions: ['xls','jpg', 'jpeg', 'pdf', 
>> 'txt','doc','htm','html','xml','xmls', 'txt','ppt','png', 'gif'],
>> // set to true to output server response to console
>> debug: true,
>>
>> // events
>> // you can return false to abort submit
>> onSubmit: function(id, fileName){},
>> onProgress: function(id, fileName, loaded, total){},
>> onComplete: function(id, fileName, responseJSON){},
>> onCancel: function(id, fileName){},
>>
>> messages: {
>> // error messages, see qq.FileUploaderBasic for content
>> typeError: "{file} {{=T('has invalid extension.')}} 
>> {{=T('Only')}} {extensions} {{=T('are allowed.')}}",
>> sizeError: "{file} {{=T('is too large, maximum file size 
>> is')}} {sizeLimit}.",
>> minSizeError: "{file} {{=T('is too small, minimum file size 
>> is')}} {minSizeLimit}.",
>> emptyError: "{file} {{=T('is empty, please select files again 
>> without it.')}}",
>> onLeave: "{{=T('The files are being uploaded, if you leave 
>> now the upload will be cancelled.')}}"
>> },
>> showMessage: function(message){ alert(message); }
>> });
>> });
>> 
>>
>> *Controller*:
>>
>> def modal_content():
>> form = SQLFORM(db.mytable) # or even form = SQLFORM.grid(...)
>> return dict(form=form)
>>
>> def main_page():
>> main_pg=DIV('')
>> #show_modal_btn = BUTTON( 'Show modal',_type="button",_class = "btn 
>> btn-default",_onclick=""" $('#cont_id').modal('show')   """)
>> form = LOAD(f='modal_content.load', ajax=True, ajax_trap=True  )  
>> dialog = modal_wrapper(form, _id='cont_id', header='Header', 
>> footer='footer')
>> #don't forget to add dialog and show_modal_btn to main page
>> #main_pg.append(show_modal_btn)   # or main_pg.append( 
>> DIV(show_modal_btn)  ) or something else
>> main_pg.append(dialog)
>> #main_pg.append(show_modal_btn) 
>> return dict(main_pg = main_pg)
>>
>>
>> def modal_wrapper(content, _id, header='', footer=''):
>>
>> main_wrap = DIV('',  _class="modal fade",  _role="dialog", _id=_id, 
>> _tabindex="-1" )
>> title_id = _id + '_title'
>> main_wrap['_aria-labelledby']=title_id
>>
>> dialog_div=DIV('', _class="modal-dialog" , _role="document")
>> content_div=DIV('', _class="modal-content")
>> header_div = DIV( _class="modal-header")
>>
>> close_cross = BUTTON(
>> SPAN(XML(''), **{'_aria-hidden':"true"}),
>> _type="button",  _class="close",
>>  data={'dismiss':"modal"},
>>  **{'_aria-label':"Close"}
>>  )
>> title_h4 = H4( header,  _class="modal-title",  _id = title_id)
>> body_div = DIV( content, _class="modal-body")
>>
>>
>> close_btn = BUTTON('Close',  _type="button", _class="btn 
>> btn-default", data={'dismiss':"modal"})
>> footer_div =  DIV( footer, close_btn, _class="modal-footer")
>>
>> # gluon all
>> main_wrap[0] = dialog_div
>> dialog_div[0] = content_div
>>
>> header_div.append(close_cross)
>> header_div.append(title_h4)
>>
>> [content_div.append(c) for c in (header_div, body_div, footer_div)]
>> return main_wrap
>>
>>
>>
>>
>> On Wednesday, February 24, 2016 at 10:07:45 PM UTC-5, Richard wrote:
>>>
>>> As the slice says : Quick and Dirty...
>>>
>>> I would stay away of that...
>>>
>>> You may also consider js lib for that...
>>>
>>> Why not : http://fineuploader.com/purchase_form.html
>>>
>>> If your app is open source and doesn't make money.
>>>

[web2py] Re: SQLFORM.factory upload field can't show link

[killzane]

Yes, I mean when I want to edit an existing record, there are no link. 
But I can find the file when use appadmin.

Anthony於 2016年2月25日星期四 UTC+8下午10時41分32秒寫道：
>
> There should only be a file link if you are editing an existing record 
> (with an existing file). If you are displaying a "create" form, to what 
> file would you expect such a link to point?
>
> Anthony
>
> On Thursday, February 25, 2016 at 4:19:10 AM UTC-5, killzane wrote:
>>
>> This is my code
>> form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), 
>> db.project, table_name='project',upload=URL('download'))
>>
>> And here is my db.py about upload field
>> Field('project_pdf', 'upload', label='Project PDF', comment='', 
>> uploadfolder='app/uploads'),
>>
>> When I use web2py's appadmin I can see the link like this picture
>>
>>
>> 
>>
>>
>>
>> but in my view I use 
>> {{=form}}
>>
>> There are only choose file but not file link
>>
>> how could I do for it?
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: SQLFORM.factory upload field can't show link

[Anthony]

There should only be a file link if you are editing an existing record 
(with an existing file). If you are displaying a "create" form, to what 
file would you expect such a link to point?

Anthony

On Thursday, February 25, 2016 at 4:19:10 AM UTC-5, killzane wrote:
>
> This is my code
> form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), db
> .project, table_name='project',upload=URL('download'))
>
> And here is my db.py about upload field
> Field('project_pdf', 'upload', label='Project PDF', comment='', 
> uploadfolder='app/uploads'),
>
> When I use web2py's appadmin I can see the link like this picture
>
>
> 
>
>
>
> but in my view I use 
> {{=form}}
>
> There are only choose file but not file link
>
> how could I do for it?
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Niphlod]

didn't mean to startle anyone  amusement is personal entertainment, 
meant as "if you want to try facing the hige problem by yourself and you 
are willing to read through tons of docs".

that being said IMHO the question was/is ill posed. "wsgi" (no *U*wsgi, no 
*MOD_*wsgi) is just a spec. Anyone telling "you can't use wsgi because it's 
not safe" is basically telling you NOT to use python for web development, 
because it's really the only standard out there for python apps.

in your "quoted parenthesis" 


* (which means not using web2py with apache)*

you probably pointed out a reference to running wsgi under apache  that 
is mod_wsgi. Now, mod_wsgi works. It has some configuration parameters that 
are hard to fine tune, but unrelated to security. As Kiran pointed out, 
there are multiple CVEs affecting it.
We, as web2py-developers, don't "block" any deployment method. Web2py 
exposes a wsgi interface, and provides adapters for cgi, fastcgi, scgi and 
wsgi protocols. You can deploy web2py also behind a reverse proxy using the 
included webservers. This translates to "pretty much everywhere and behind 
anything".

However we, as "support people", often see lots of users facing really 
weird issues deploying web2py with mod_wsgi under apache, and since there 
are alternatives that are far superior, with less headaches, less resource 
hungry, more scalable and with less security concerns, "encourage" dropping 
apache+mod_wsgi architectures in favour of nginx+uwsgi ones.
Apache in production DEFINITELY suffers a very simple DdOS attach known as 
slowloris, that anyone knows, it's easy to do from any home internet 
connection and that can be mitigated only if you put something in FRONT of 
it. Why don't just drop apache alltogether ?

In the end, web2py "should" be run under apache only and only if apache is 
a requirement itself (e.g. it runs other applications written in other 
programming languages).

That being said, if you can point out the full extent of your chat we'll 
probably be able to pinpoint the scary part and address your concerns. 
If the problem is really "how can I prevent my web2py app to send GET 
requests to other domains" the reply is simply "don't issue requests to 
other domains". But that would be true indipendently from the webserver of 
your choice.
If the problem is, on the other end, "I've been told that mod_wsgi can be 
exploited if not properly tuned, regardless of the underlying python app ", 
once again, options are (from safer to less safer) 
:
- consider something else than apache
- call an expert to fix apache and mod_wsgi
- reading through mod_wsgi docs, mailing list and CVEs and pinpoint the 
needed fix



-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Compute return only the last result

[Gael Princivalle]

Hello all.

I use this function for resizing images for full size and thumbnails:

def SMARTHUMB(image, box, fit=True, name="thumb"):
#Downsample the image.
#@param img: Image -  an Image-object
#@param box: tuple(x, y) - the bounding box of the result image
#@param fit: boolean - crop the image to fill the box
if image:
request = current.request
img = Image.open(request.folder + 'uploads/' + image)
#preresize image with factor 2, 4, 8 and fast algorithm
factor = 1
while img.size[0] / factor > 2 * box[0] and img.size[1] * 2 / 
factor > 2 * box[1]:
factor *= 2
if factor > 1:
img.thumbnail((img.size[0] / factor, img.size[1] / factor), 
Image.NEAREST)

#calculate the cropping box and get the cropped part
if fit:
x1 = y1 = 0
x2, y2 = img.size
wRatio = 1.0 * x2 / box[0]
hRatio = 1.0 * y2 / box[1]
if hRatio > wRatio:
y1 = int(y2 / 2 - box[1] * wRatio / 2)
y2 = int(y2 / 2 + box[1] * wRatio / 2)
else:
x1 = int(x2 / 2 - box[0] * hRatio / 2)
x2 = int(x2 / 2 + box[0] * hRatio / 2)
img = img.crop((x1, y1, x2, y2))

#Resize the image with best quality algorithm ANTI-ALIAS
img.thumbnail(box, Image.ANTIALIAS)

root, ext = os.path.splitext(image)
thumb = '%s_%s%s' % (root, name, ext)
img.save(request.folder + 'uploads/' + thumb)
return thumb

In the db:
db.define_table('news',
Field('title', type='string'),
Field('image', 'upload'),
Field('image_thumb', 'upload'),
Field('image_big', 'upload'))

box_thumb = (270, 158)
db.news.image_thumb.compute = lambda row: SMARTHUMB(row.image, box_thumb)
box_big = (770, 435)
db.news.image_big.compute = lambda row: SMARTHUMB(row.image, box_big)

The problem is that image_thumb have the same size as image_big.

Someone know why?

Thanks, regards.



-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: WinINet and basic auth

[Niphlod]

oddly enough there's a "libcurl vs wininet" page on curl's site ...

https://curl.haxx.se/libcurl/wininet.html



On Thursday, February 25, 2016 at 10:19:41 AM UTC+1, Dave S wrote:
>
> On Thursday, February 25, 2016 at 12:12:28 AM UTC-8, Niphlod wrote:
>>
>> if wininet can't do basic auth, is it web2py's fault ?!?!?!
>> curl is available also on windows :-P and it's pretty much the de-facto 
>> reference. if it works with curl but not with wininet, it's wininet fault.
>>
>
> So it seems.
>  
>
>>
>> as for digest auth, no, web2py doesn't support it out of the box.
>>
>>
> Alas.
>
> /dps
>  
>
>> On Thursday, February 25, 2016 at 1:06:20 AM UTC+1, Dave S wrote:
>>>
>>>
>>>
>>> On Tuesday, February 23, 2016 at 12:39:27 PM UTC-8, Dave S wrote:

 I'm trying to use Basic Auth with my restful service; see
 >>> http://web2py.com/books/default/chapter/29/10/services#Access-Control)
 for my starting point, although I'm doing a post.

>>>
>>>
>>> Also, does Web2Py support Digest auth?
>>> 
>>>
>>> /dps
>>>  
>>>

 curl --request POST -TransferEncoding C:\dir1\test1.txt --user 
 us...@servery.com:pwd1 http:
 //ww.zz.uu.39/uploader/default/shove/upstuff/ 
 
 test1.txt

 This works fine from the command line (centos or Win7, as long as curl 
 is installed).

 And I successfully used this with libcurl in my Windows test client ("
 us...@servery.com" --> "user%40servery.com").  Tcpdump on the server 
 shows the u/p fields moved to an "Authorization:" header (Basic).

 When I try this from WinINet functions, the u/p stuff in the URL is 
 stripped but no "Authorization:" header is added.  Setting the u/p in 
 *InternetConnect()* seems to be ignored.  As a result, I get back a 
 303 redirecting to the login page.  (I'm using shake-the-box Rocket server 
 for prototyping, though I plan to move to nginx later.)
 This MS page suggests that WinINet is expecting a 401, although it 
 isn't clear that applies to Basic Auth or just challenge-response 
 authentication.
 >>> https://msdn.microsoft.com/en-us/library/windows/desktop/aa384220%28v=vs.85%29.aspx
 >

 Some StackOverflow hits suggest that I need to prepare the Basic Auth 
 header myself and use the* lpszHeaders* parameter of* 
 HttpSendRequest()*.  Is that my only choice, or am I missing something?

 Thanks.

 Dave
 /dps




  

>>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: For fastmail.com mail set up in web2py what should be mail.settings.server?

[villas]

Try this...

## configure email
mail = auth.settings.mailer
mail.settings.server = 'mail.messagingengine.com:587'
mail.settings.sender = 'y...@emailaddress.com'
mail.settings.login = 'youracco...@fastmail.fm:yourpassword'

 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Reading view templates from database

[R. Osinga]

I already found my anser in the history of the forum 

On Thursday, February 25, 2016 at 12:05:56 PM UTC+1, R. Osinga wrote:
>
> Hi all,
>
> I like to offer end users a way to define their ow mail templates.
> I tried using the standard templating mechanism for it, but it only 
> accepts files from fixk.
> Is it possible for me to 'bend' this functionality into reading a templace 
> (and its parent tamplates) from the database?
>
> Cheers,
> Roald
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Preventing hackers from exploiting web2py with wsgi

[Kiran Subbaraman]

Robin,
In support of the 'exploit' that you speak of - Is there any reported 
issue, or bug report, or code  that you can provide a reference to? This 
would help understand if web2py is affected or not.


I suggest you take a look at the CVE database, to see if there have been 
reported Vulnerabilities on software that you use: 
https://www.cvedetails.com/
For example, looking for 'uwsgi' issues: 
https://www.cvedetails.com/google-search-results.php?q=uwsgi=Search
Whereas, the 'mod_wsgi' issues: 
https://www.cvedetails.com/google-search-results.php?q=mod_wsgi=Search



Kiran Subbaraman
http://subbaraman.wordpress.com/about/

On Thu, 25-02-2016 1:03 PM, Robin Manoli wrote:

Hello!

I was recommended by #ubuntu-server on Freenode not to use wsgi. I 
wonder if you recommend this as well (which means not using web2py 
with apache)?


I'm wondering if there is certain type of web2py code I can look for 
to prevent unauthorized access. In particular, how to prevent apache 
to send GET requests to other domains than the actual web2py web site 
being requested in the first place.


I'd really appreciate your help on this :)

- Robin
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google 
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to web2py+unsubscr...@googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Reading view templates from database

[R. Osinga]

Hi all,

I like to offer end users a way to define their ow mail templates.
I tried using the standard templating mechanism for it, but it only accepts 
files from fixk.
Is it possible for me to 'bend' this functionality into reading a templace 
(and its parent tamplates) from the database?

Cheers,
Roald

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Preventing hackers from exploiting web2py with wsgi

[Robin Manoli]

Don't worry, I didn't disregard the information. The answer is not what I'm 
looking for however. Even if apache is amusingly complicated for Niphlod, 
the issue at hand has nothing to do with apache. The issue is to figure out 
how to find out how to prevent GET requests exploited through web2py.

And when it comes to rudeness, it doesn't necessarily require using 
singular rude words. But to suggest people to amuse themselves rather than 
to learn properly about new technology seems arrogant and discouraging to 
me. I don't see how it has any place in a help forum.

And being nice does in no way require fake politeness.

Den torsdag 25 februari 2016 kl. 10:52:57 UTC+2 skrev Marin Pranjić:
>
> Wow, some people are soo easily offended.
>
> I don't see a single rude word here, it's helpful and informative answer, 
> and it should help you unmix things :)
> His answer could be the best thing you read today, so I hope you don't 
> just discard it because it's not wrapped up with fake politeness.
>
> Regards,
>
> Marin
>
> On Thu, Feb 25, 2016 at 9:40 AM, Robin Manoli  > wrote:
>
>> They recommended not to use wsgi, and so far I've been using mod_wsgi. 
>> Sorry if I didn't know everything about wsgi.
>>
>> Thanks for the tips! Maybe I can amuse myself with some rude people on 
>> help forums too?
>>
>> You know Niphlod, this is not the first time you're answering to me in a 
>> rude way. Are you here to discourage people from learning, or one of those 
>> experts who can't handle that people can mix things up before learning? All 
>> the other people who have been helping me in these forums have been really 
>> nice. I hope you would like to be nice too.
>>
>>
>>
>>
>>
>> Den torsdag 25 februari 2016 kl. 10:09:13 UTC+2 skrev Niphlod:
>>>
>>> IMHO you're really confused. or got names wrong. or got things wrong.
>>>
>>> wsgi IS THE ONLY WAY to run python code for webservers. It's the only 
>>> standardized spec to do so.
>>>
>>> Nooow, if you're instead talinkg about mod_wsgi on apache, it's another 
>>> matter entirely. Securing apache needs to be done by expertsif you're 
>>> not, you can amuse yourself reading docs and chatting to peoples, but if 
>>> you're really concerned the best option is to leave it to professionals.
>>>
>>> BTW, we "sponsor" nginx+uwsgi over apache for some time now.
>>>
>>> On Thursday, February 25, 2016 at 8:33:57 AM UTC+1, Robin Manoli wrote:

 Hello!

 I was recommended by #ubuntu-server on Freenode not to use wsgi. I 
 wonder if you recommend this as well (which means not using web2py with 
 apache)?

 I'm wondering if there is certain type of web2py code I can look for to 
 prevent unauthorized access. In particular, how to prevent apache to send 
 GET requests to other domains than the actual web2py web site being 
 requested in the first place.

 I'd really appreciate your help on this :)

 - Robin

>>> -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to web2py+un...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: WinINet and basic auth

[Dave S]

On Thursday, February 25, 2016 at 12:12:28 AM UTC-8, Niphlod wrote:
>
> if wininet can't do basic auth, is it web2py's fault ?!?!?!
> curl is available also on windows :-P and it's pretty much the de-facto 
> reference. if it works with curl but not with wininet, it's wininet fault.
>

So it seems.
 

>
> as for digest auth, no, web2py doesn't support it out of the box.
>
>
Alas.

/dps
 

> On Thursday, February 25, 2016 at 1:06:20 AM UTC+1, Dave S wrote:
>>
>>
>>
>> On Tuesday, February 23, 2016 at 12:39:27 PM UTC-8, Dave S wrote:
>>>
>>> I'm trying to use Basic Auth with my restful service; see
>>> >> http://web2py.com/books/default/chapter/29/10/services#Access-Control)
>>> for my starting point, although I'm doing a post.
>>>
>>
>>
>> Also, does Web2Py support Digest auth?
>> 
>>
>> /dps
>>  
>>
>>>
>>> curl --request POST -TransferEncoding C:\dir1\test1.txt --user 
>>> us...@servery.com:pwd1 http:
>>> //ww.zz.uu.39/uploader/default/shove/upstuff/ 
>>> 
>>> test1.txt
>>>
>>> This works fine from the command line (centos or Win7, as long as curl 
>>> is installed).
>>>
>>> And I successfully used this with libcurl in my Windows test client ("
>>> us...@servery.com" --> "user%40servery.com").  Tcpdump on the server 
>>> shows the u/p fields moved to an "Authorization:" header (Basic).
>>>
>>> When I try this from WinINet functions, the u/p stuff in the URL is 
>>> stripped but no "Authorization:" header is added.  Setting the u/p in 
>>> *InternetConnect()* seems to be ignored.  As a result, I get back a 303 
>>> redirecting to the login page.  (I'm using shake-the-box Rocket server for 
>>> prototyping, though I plan to move to nginx later.)
>>> This MS page suggests that WinINet is expecting a 401, although it isn't 
>>> clear that applies to Basic Auth or just challenge-response authentication.
>>> >> https://msdn.microsoft.com/en-us/library/windows/desktop/aa384220%28v=vs.85%29.aspx
>>> >
>>>
>>> Some StackOverflow hits suggest that I need to prepare the Basic Auth 
>>> header myself and use the* lpszHeaders* parameter of* HttpSendRequest()*. 
>>>  Is that my only choice, or am I missing something?
>>>
>>> Thanks.
>>>
>>> Dave
>>> /dps
>>>
>>>
>>>
>>>
>>>  
>>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] SQLFORM.factory upload field can't show link

[killzane]

This is my code
form = SQLFORM.factory(Field('list_name', 'string', label='List Name'), db.
project, table_name='project',upload=URL('download'))

And here is my db.py about upload field
Field('project_pdf', 'upload', label='Project PDF', comment='', uploadfolder
='app/uploads'),

When I use web2py's appadmin I can see the link like this picture





but in my view I use 
{{=form}}

There are only choose file but not file link

how could I do for it?

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Multiple instances of same class

[killzane]

thanks, it works!

Anthony於 2016年1月22日星期五 UTC+8上午7時02分36秒寫道：
>
> You have defined __name as a class attribute, so it belongs to the class, 
> not to individual instances of it. Instead, just use self.__name if you 
> want the name to be associated with a particular instance of the class.
>
> Anthony
>
> On Thursday, January 21, 2016 at 5:24:00 PM UTC-5, killzane wrote:
>>
>> I write a class in modules, and create instance in controller.
>> But whatever I create different variable, they point to same instance.
>> May I create new instance when page reload?
>>
>> here is the class
>> # -*- coding: utf-8 -*-
>> from gluon import current
>>
>> class Project:
>> __name = None
>>
>> def __init__(self, id):
>> db = current.db
>> project = db(db.project.id == id).select().first()
>> self.__name = project.name
>> @classmethod
>> def setName(cls, name):
>> cls.__name = name
>> pass
>> @classmethod
>> def getName(cls):
>> return cls.__name
>> pass
>>
>> and here is the controller
>> def classTest():
>> myObj = Project(5)
>> myObj2 = Project(4)
>> # myObj2.setName("abcxxx")
>> # myObj.setName("defxxx")
>> return myObj2.getName()
>>
>> whatever I return myObj.name or myObj2.name the answer is "defxxx".
>> so how could I do for it?
>>
>> thanks.
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Preventing hackers from exploiting web2py with wsgi

[Marin Pranjić]

Wow, some people are soo easily offended.

I don't see a single rude word here, it's helpful and informative answer,
and it should help you unmix things :)
His answer could be the best thing you read today, so I hope you don't just
discard it because it's not wrapped up with fake politeness.

Regards,

Marin

On Thu, Feb 25, 2016 at 9:40 AM, Robin Manoli  wrote:

> They recommended not to use wsgi, and so far I've been using mod_wsgi.
> Sorry if I didn't know everything about wsgi.
>
> Thanks for the tips! Maybe I can amuse myself with some rude people on
> help forums too?
>
> You know Niphlod, this is not the first time you're answering to me in a
> rude way. Are you here to discourage people from learning, or one of those
> experts who can't handle that people can mix things up before learning? All
> the other people who have been helping me in these forums have been really
> nice. I hope you would like to be nice too.
>
>
>
>
>
> Den torsdag 25 februari 2016 kl. 10:09:13 UTC+2 skrev Niphlod:
>>
>> IMHO you're really confused. or got names wrong. or got things wrong.
>>
>> wsgi IS THE ONLY WAY to run python code for webservers. It's the only
>> standardized spec to do so.
>>
>> Nooow, if you're instead talinkg about mod_wsgi on apache, it's another
>> matter entirely. Securing apache needs to be done by expertsif you're
>> not, you can amuse yourself reading docs and chatting to peoples, but if
>> you're really concerned the best option is to leave it to professionals.
>>
>> BTW, we "sponsor" nginx+uwsgi over apache for some time now.
>>
>> On Thursday, February 25, 2016 at 8:33:57 AM UTC+1, Robin Manoli wrote:
>>>
>>> Hello!
>>>
>>> I was recommended by #ubuntu-server on Freenode not to use wsgi. I
>>> wonder if you recommend this as well (which means not using web2py with
>>> apache)?
>>>
>>> I'm wondering if there is certain type of web2py code I can look for to
>>> prevent unauthorized access. In particular, how to prevent apache to send
>>> GET requests to other domains than the actual web2py web site being
>>> requested in the first place.
>>>
>>> I'd really appreciate your help on this :)
>>>
>>> - Robin
>>>
>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Preventing hackers from exploiting web2py with wsgi

[Robin Manoli]

They recommended not to use wsgi, and so far I've been using mod_wsgi. 
Sorry if I didn't know everything about wsgi.

Thanks for the tips! Maybe I can amuse myself with some rude people on help 
forums too?

You know Niphlod, this is not the first time you're answering to me in a 
rude way. Are you here to discourage people from learning, or one of those 
experts who can't handle that people can mix things up before learning? All 
the other people who have been helping me in these forums have been really 
nice. I hope you would like to be nice too.




Den torsdag 25 februari 2016 kl. 10:09:13 UTC+2 skrev Niphlod:
>
> IMHO you're really confused. or got names wrong. or got things wrong.
>
> wsgi IS THE ONLY WAY to run python code for webservers. It's the only 
> standardized spec to do so.
>
> Nooow, if you're instead talinkg about mod_wsgi on apache, it's another 
> matter entirely. Securing apache needs to be done by expertsif you're 
> not, you can amuse yourself reading docs and chatting to peoples, but if 
> you're really concerned the best option is to leave it to professionals.
>
> BTW, we "sponsor" nginx+uwsgi over apache for some time now.
>
> On Thursday, February 25, 2016 at 8:33:57 AM UTC+1, Robin Manoli wrote:
>>
>> Hello!
>>
>> I was recommended by #ubuntu-server on Freenode not to use wsgi. I wonder 
>> if you recommend this as well (which means not using web2py with apache)?
>>
>> I'm wondering if there is certain type of web2py code I can look for to 
>> prevent unauthorized access. In particular, how to prevent apache to send 
>> GET requests to other domains than the actual web2py web site being 
>> requested in the first place.
>>
>> I'd really appreciate your help on this :)
>>
>> - Robin
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: WinINet and basic auth

[Niphlod]

if wininet can't do basic auth, is it web2py's fault ?!?!?!
curl is available also on windows :-P and it's pretty much the de-facto 
reference. if it works with curl but not with wininet, it's wininet fault.

as for digest auth, no, web2py doesn't support it out of the box.

On Thursday, February 25, 2016 at 1:06:20 AM UTC+1, Dave S wrote:
>
>
>
> On Tuesday, February 23, 2016 at 12:39:27 PM UTC-8, Dave S wrote:
>>
>> I'm trying to use Basic Auth with my restful service; see
>> > http://web2py.com/books/default/chapter/29/10/services#Access-Control)
>> for my starting point, although I'm doing a post.
>>
>
>
> Also, does Web2Py support Digest auth?
> 
>
> /dps
>  
>
>>
>> curl --request POST -TransferEncoding C:\dir1\test1.txt --user 
>> us...@servery.com:pwd1 http://ww.zz.uu.39/uploader/default/shove/upstuff/ 
>> 
>> test1.txt
>>
>> This works fine from the command line (centos or Win7, as long as curl is 
>> installed).
>>
>> And I successfully used this with libcurl in my Windows test client ("
>> us...@servery.com " --> "user%40servery.com").  Tcpdump on 
>> the server shows the u/p fields moved to an "Authorization:" header (Basic).
>>
>> When I try this from WinINet functions, the u/p stuff in the URL is 
>> stripped but no "Authorization:" header is added.  Setting the u/p in 
>> *InternetConnect()* seems to be ignored.  As a result, I get back a 303 
>> redirecting to the login page.  (I'm using shake-the-box Rocket server for 
>> prototyping, though I plan to move to nginx later.)
>> This MS page suggests that WinINet is expecting a 401, although it isn't 
>> clear that applies to Basic Auth or just challenge-response authentication.
>> > https://msdn.microsoft.com/en-us/library/windows/desktop/aa384220%28v=vs.85%29.aspx
>> >
>>
>> Some StackOverflow hits suggest that I need to prepare the Basic Auth 
>> header myself and use the* lpszHeaders* parameter of* HttpSendRequest()*. 
>>  Is that my only choice, or am I missing something?
>>
>> Thanks.
>>
>> Dave
>> /dps
>>
>>
>>
>>
>>  
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Setting up the scheduler, and letting it run from a certain point of time

[Niphlod]

if anyone wants to familiarize with the scheduler, I always 
recommend https://github.com/niphlod/w2p_scheduler_tests

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Preventing hackers from exploiting web2py with wsgi

[Niphlod]

IMHO you're really confused. or got names wrong. or got things wrong.

wsgi IS THE ONLY WAY to run python code for webservers. It's the only 
standardized spec to do so.

Nooow, if you're instead talinkg about mod_wsgi on apache, it's another 
matter entirely. Securing apache needs to be done by expertsif you're 
not, you can amuse yourself reading docs and chatting to peoples, but if 
you're really concerned the best option is to leave it to professionals.

BTW, we "sponsor" nginx+uwsgi over apache for some time now.

On Thursday, February 25, 2016 at 8:33:57 AM UTC+1, Robin Manoli wrote:
>
> Hello!
>
> I was recommended by #ubuntu-server on Freenode not to use wsgi. I wonder 
> if you recommend this as well (which means not using web2py with apache)?
>
> I'm wondering if there is certain type of web2py code I can look for to 
> prevent unauthorized access. In particular, how to prevent apache to send 
> GET requests to other domains than the actual web2py web site being 
> requested in the first place.
>
> I'd really appreciate your help on this :)
>
> - Robin
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.