Hi,
I'm looking for adventurous pre-alpha testers for a DHTML (active website)
framework for Python I've developed.
Name:
- pyWeb
Features:
- easy to learn and use
- compatible with Python 1.5.2 and later (thus able to run on budget
web hosts which insist on staying with old Pythons)
- runs purely as CGI (or fastCGI)
- lets you build your pages with a simple, intuitive and coherent
document object model (DOM)
- extremely extensible, lends itself well to templating
- not a 'code within the html text' type of DHTML framework (like Spyce).
This one puts the emphasis on generating the HTML with python statements
- automatic retrieval and dispatch of browser cookies
- oersistent datastore that is stored on browser as compressed cookes.
secured via hmac/sha1, can store 10-25k of data on browser. Accessed in
python code by simply reading and setting attributes of an object
License:
- GPL
Info, examples, doco, download:
- http://www.freenet.org.nz/python/pyweb
All feedback gratefully received.
Cheers
David 2  2058 
On Wed, 16 Jul 2003, David McNab <po********@127 .0.0.1> wrote: - easy to learn and use
Have you demonstrated it? Did you give the documentation to someone,
and had him writing useful software? Or is this just an assumption
based on the fact that you find it easy to use, and did not have
to learn it?
- lets you build your pages with a simple, intuitive and coherent
document object model (DOM)
Is your DOM more simple, intuitive and coherent than minidom? microdom?
DOM is usually used in reference to the W3C standard. If you deviate
from the standard, it's probably best not to call what you have "DOM".
- extremely extensible
Did you try to extend it, and are reporting success? With two different
extension directions? Or is this, again, an assumption?
, lends itself well to templating
You mean each person has to implement templating on his own? Or does
it have a templating system?
- oersistent datastore that is stored on browser as compressed cookes.
secured via hmac/sha1, can store 10-25k of data on browser.
That probably depends on the browser. The standard states:
'''
* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)
'''
which means that cookies might get cut off or not stored at all by
the client. You might be splitting the cookies off transparently, which
should let you go up to 80k, but would probably make the job of anyone
wanting to send his own cookies hard.
The standard also says, however,
'''
Applications should use as few and as small cookies as possible, and they
should cope gracefully with the loss of a cookie.
'''
[All quotes are from http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html]
Accessed in
python code by simply reading and setting attributes of an object
It also matters, probably, that you use a secure RNG generator for the
"secret" in the sha1/hmac schemes, otherwise a malicious client can still
force you to execute code. The RNG in Python, for example, is
'''
if a is None:
# Initialize from current time
import time
a = long(time.time( ) * 256)
'''
Since your server graciously sends the time, then if this is done via
CGI the client can try guessing several values for the time. CGI applications
usually run less than five seconds, so the client can even perform a brute
force attack.
All feedback gratefully received.
Enjoy!
--
Moshe Zadka -- http://moshez.org/
Buffy: I don't like you hanging out with someone that... short.
Riley: Yeah, a lot of young people nowadays are experimenting with shortness.
Agile Programming Language -- http://www.python.org/
On Wed, 16 Jul 2003 11:05:51 +0000, Moshe Zadka paused, took a deep
breath, then came out with: On Wed, 16 Jul 2003, David McNab <po********@127 .0.0.1> wrote:
Have you demonstrated it? Did you give the documentation to someone,
and had him writing useful software?
That's what I'm doing *now* in *pre-announcing* to this ng.
Or is this just an assumption
based on the fact that you find it easy to use, and did not have
to learn it?
An assumption based on the fact that I used the same design style with
which I've written other python software (for which I've received
very positive feedback on its accessibility).
I try hard to write my software in a way that doesn't force its user to
contort his/her mind in umpteen weird directions to understand it.
I don't think I'm alone in the fact that I don't like having to smell a
programmer's dirty socks or analyse his pizza stains in order to
understand how to use his code.
- lets you build your pages with a simple, intuitive and coherent
document object model (DOM)
Is your DOM more simple, intuitive and coherent than minidom? microdom?
DOM is usually used in reference to the W3C standard. If you deviate
from the standard, it's probably best not to call what you have "DOM".
I'm using Document Object Model in a generic sense, similar to how the
word 'window' in a GUI sense doesn't always refer to M$ software.
I'm a bit cynical about DOM standards anyway, given how the client-side
DOMs between IE, Mozilla family, Konqueror and Opera etc are highly
disparate, and writing portable Javascript is such a CATPITA.
- extremely extensible
Did you try to extend it, and are reporting success?
Yes. One of the examples on the website (and the website which coughs
up its own source code on request) both demonstrate this.
With two different
extension directions?
What do you mean by this? What constitutes a 'direction'? Subclassing?
, lends itself well to templating
You mean each person has to implement templating on his own? Or does
it have a templating system?
User implements his/her own templating. In that respect, pyWeb can be
considered a bit more low-level than template-based systems. But for some,
the freedom to roll their own (and be in full control, and hot have to
conform to other people's abstractions) is a *good* thing.
Thanks for your feedback, moshez, but please recall that this is a
*pre*-announcement. The version is 0.1.0, not 1.0.
I know it's not immediately serving you the moon on a plate with a sprig
of parsely. But I feel you're jumping on it pretty hard, especially since
I'm only asking for testers. It's not like I've made any kind of formal
release announcement.
- oersistent datastore that is stored on browser as compressed cookes.
secured via hmac/sha1, can store 10-25k of data on browser.
That probably depends on the browser. The standard states:
'''
* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)
When the persistent data object gets pickled, it gets broken up into
cookies of max size 2048 bytes each. If there's more data, the pickle gets
broken up into several cookies then reassembled at the next request.
Apache seems to barf when the incoming 'Cookie:' header exceeds 8k, so
this appears to be the driving constraint.
'''
which means that cookies might get cut off or not stored at all by
the client.
Correct.
You might be splitting the cookies off transparently, which
should let you go up to 80k, but would probably make the job of anyone
wanting to send his own cookies hard.
My apache has an 8k limit on total size of all incoming cookies. If you
use more persistent datastore, you've got less space for 'physical'
cookies, and vice versa. That is the user's responsibility.
However, thanks for your noises on this - makes me aware that I should add
to the doco to explain these constraints to the user.
BTW - the persistent data object supplements raw cookies, it doesn't
take the place of them. The 'session' object contains a SimpleCookie
instance, the use of which is explained in the doco.
The standard also says, however,
'''
Applications should use as few and as small cookies as possible, and they
should cope gracefully with the loss of a cookie.
'''
[All quotes are from http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html]
Accessed in
python code by simply reading and setting attributes of an object
I leave it to the user (pyWeb programmer) to make their own decision on
this. Similar to the fact that gcc could be used to write very insecure
code, but that is not the fault of the compiler developer.
It also matters, probably, that you use a secure RNG generator for the
"secret" in the sha1/hmac schemes, otherwise a malicious client can still
force you to execute code.
The 'secret' key gets chosen by the pyWeb programmer, with no prng
involved.
Granted, I should probably provide some scheme to make it easier for the
user to supply their own hmac 'secret', and possibly even assist them in
generating such.
Finally, note that there is no support for back-end database.
This is a deliberate decision, since it's targeted at people running
their sites on budget web hosts. There are hordes of hosts that offer
(mostly) great deals (eg CGI, 100MB storage, 10GB traffic) for around
$5-$10/month. But a lot of these hosts only have python 1.5.2, with no
MySQL interface module.
If you look through the examples, you'll see one which uses the Metakit
database engine (which can be uploaded in binary form to such hosts, and
which runs fine).
Cheers
David This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Mark Hammond |
last post by:
Phillip Frantz has contributed a very cool ISAPI (IIS extension)
framework that I have been extending, and hope to include in later
pywin32 builds. It supports both ISAPI extensions and filters.
Along with this ISAPI extension is a Python framework that implements
mod_python like functionality in IIS. This means it is a "server
independent" framework for embedding Python in either Apache or IIS (and
also means the framework itself is...
|
by: Patrick Useldinger |
last post by:
Hi all,
I am looking for beta-testers for fdups.
fdups is a program to detect duplicate files on locally mounted
filesystems. Files are considered equal if their content is identical,
regardless of their filename. Also, fdups ignores symbolic links and is
able to detect and ignore hardlinks, where available.
In contrast to similar programs, fdups does not rely on md5 sums or
|
by: Charlie Martin Beta program |
last post by:
Well, it turns out that Google automagically mangled email addresses
in the last try, so here goes again.
Confio Software, a Boulder-based system performance tools developer,
is preparing to announce our new DBFlash(TM) for Oracle version 4.6;
we need beta testers before our upcoming release, so we are looking
for a limited number of new sites interested in trying our new
version.
Qualifying sites should have:
|
by: Gregory Vaughan |
last post by:
Beta testers wanted for a new Java utility that draws JPEG tree diagrams of
XML files. The program is described at:
http://www.intsysr.com/drawtag.htm
Testers can receive a free copy of the program plus future updates, in
exchange for testing and reporting back on bugs, usability, documentation
errors, etc. The program is implemented in Java and requires a Java 1.4
runtime. If interested please contact Greg at gsv@intsysr.com
|
by: mikael |
last post by:
I'm working for this company: http://www.naltabyte.se
and we are looking for beta-testers for MioPages.
It's XML-formatted asp 3.0, which makes it behave like a webpage on the
server, thus avoding the "IF/ELSE"-trips when doing something
interactive - do it using serverside dhtml instead, which is as simple
as plain local dhtml.
Anyone interested will recieve a free version of the app when the sharp
edition is released in january 2005....
| | |
by: Kenneth McDonald |
last post by:
Is there any emerging consensus on the "best" UI for toolkit. Tk
never quite made it but from what I can see, both qt and wxWin are
both doing fairly well in general. I'm already aware of the licensing
issues surrounding qt (fwiw, I think their license fee for commercial
use is eminently reasonable), so aside from that, I was wondering if
there was any feedback readers could provide on the following:
1) Which plays best with Python?...
|
by: john |
last post by:
To test a new piece of software designed to help with (among other
things) eCommerce WWW site development. The software is fairly easy to
use but you must fit a profile. Retail price is 120 GBP and I'll email
full releases to anyone who helps FOC of course:
Profile:
I'm looking for someone who fits a profile -
You must be willing to spend some time with the software and report back
|
by: Ken Fine |
last post by:
I am using VS.NET 2008 and like it a lot. One of the very few things I don't
like is a bug that seems to spawn literally thousands of strings, one
after the other, on design view changes. Sometimes I will end up with as
many as 30,000 of them. I have to do a "Replace" which is slower than I'd
like. This is slowing down my work a lot.
This might be related to a commercial control I'm using, or it may just be
VS.NET's indentation getting...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
