Re: [Web-SIG] WSGI for Python 3
On Friday, July 16, 2010, Ian Bicking wrote: We could make everything bytes and be done with it, but it would make it much harder to port Python 2 WSGI code to Python 3. I think this might be best having seen all of the discussion. One could easily write a compatibility middleware that makes porting Python 2 applications easy or even completely transparent (from a WSGI spec point of view). Regards, Stephan -- Entrepreneur and Software Geek Google me. Zope Stephan Richter ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
Re: [Web-SIG] Removal of Cookie in Python 3.0 OK?
On Monday 04 February 2008, Jim Fulton wrote: Breeds are constantly evolving. I don't think it's realistic for the standard library to try to keep up. I also don't think it's a very good idea for language maintainers to make judgements about what's best in various application areas. I have the impression that there's this fairly large effort for people to redo lots of the standard library for Python 3, without necessarily knowing a lot about the libraries' histories, and motivation. I;m skeptical that this is going to lead to a high-quality product. I'd much rather see language developers put some focus on making a low- level feature like a packaging system work as well as possible. Amen to that. :-) Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. Zope Stephan Richter ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
Re: [Web-SIG] Bowing out (was Re: A trivial template API counter-proposal)
On Tuesday 07 February 2006 10:20, Phillip J. Eby wrote: Despite some skepticism about the templating effort, I certainly planned to evaluate it when it settled down. I'm not complaining about you personally tuning out; it's just that I ended up being a sole advocate for stuff I thought Zope would need in order to utilize the template standard as a basis for views, without being certain of the details or whether you (i.e. zope.com and .org) actually cared (due to you having disappeared after your initial comment). (This of course also goes for other view-based and active page frameworks that have similar issues, but whose architects weren't around to comment in the first place.) I phased out as well and decided to comment on a draft. The amount of E-mails just overwhelmed me. But I agree as well, that the egg work is more important. :-) BTW, did we reach a conclusion on the user logging issue. We really, really need to solve that somehow. Anything you can come up with is fine by me; I'll trust you do the right thing. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
Re: [Web-SIG] Communicating authenticated user information
On Monday 23 January 2006 22:15, Clark C. Evans wrote: On Mon, Jan 23, 2006 at 04:15:06PM -0500, Phillip J. Eby wrote: | At 03:36 PM 1/23/2006 -0500, Stephan Richter wrote: | Specify a new environment variable called 'wsgi.user' (or something | similar) that is a mutable and can be written several times. Only | the last write (before the output is sent) is important. By default | the variable is set to ``None`` for not set. Why not ``wsgi.context`` or something like that which defaults to an empty dictionary. Then you can put what ever you want in it; ``wsgi.user`` just seems to be a bit too specific. But if you use a dictionary you need to specify all allowed keys. The server needs to know from the standard (WSGI) what it is looking for. The twisted guys and us have thought about other possible data for logging and we could not come up with any. If you have real use cases for other data, please let me know. | I'd suggest a callable under 'wsgi.log_username', that takes one | argument. I think this is way too specific; it doesn't address the general problem: how do you pass information back up the middleware stack. You cannot address this issue generally. The point of WSGI is that it is a well-defined API that specifies exactly what to expect. Let's take your suggestion. Let's say there is a dictionary that can contain anything. Zope 3 (acting as the application) decides to put a key named user into the dictionary. But Twisted (acting as the server) looks for remote-user. Since the key is not specified in the specification, we have gained absolutely nothing. | It should be specified whether it requires ASCII or Unicode. Why cannot it just accept a Python string? You can always check if it is Unicode or not. Because encoding might be arbitrary. It has to be clearly specified in the specs what to expect. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
Re: [Web-SIG] Communicating authenticated user information
On Sunday 22 January 2006 11:34, Phillip J. Eby wrote: Is Zope the only WSGI application that performs authentication itself? I think Zope is the only WSGI application that cares about communicating this information back to the web server's logs. :) Or at least, the only one whose author has said so. :) Well, I originally worked with Itamar and James on the Twisted integration into Zope 3, when we noticed this problem. Perhaps an X-Authenticated-User: foo header could be added in a future spec version? (And as an optional feature in the current PEP.) This seems a simpler way to incorporate the feature than adding an extension API to environ. We considered and even implemented originally suggestions you made, but considered it a security problem and dismissed it. And a convention is not really a viable solution either, since it defeats the point of a non-specific API, like WSGI. We thought about the problem quiet a bit and decided that the user is really the only thing that the log really has to know from the application. So a simple callback that expects a simple string would be just fine. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
Re: [Web-SIG] Communicating authenticated user information
On Monday 23 January 2006 16:15, Phillip J. Eby wrote: I'd suggest a callable under 'wsgi.log_username', that takes one argument. Sounds good to me. It should be specified whether it requires ASCII or Unicode. I don't care; I think ASCII is fine; we can have the application handle the encoding. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com