Home / Browse / Webware for Python / Mail / Archive

Webware for Python

Email Archive: webware-discuss (read-only)

2000:	_Jan	_Feb	_Mar	_Apr	_May (149)	_Jun (174)	_Jul (41)	_Aug (118)	_Sep (72)	_Oct (111)	_Nov (69)	_Dec (147)
2001:	_Jan (242)	_Feb (276)	_Mar (363)	_Apr (704)	_May (183)	_Jun (209)	_Jul (173)	_Aug (230)	_Sep (80)	_Oct (306)	_Nov (338)	_Dec (291)
2002:	_Jan (273)	_Feb (294)	_Mar (303)	_Apr (463)	_May (319)	_Jun (182)	_Jul (160)	_Aug (140)	_Sep (192)	_Oct (302)	_Nov (238)	_Dec (176)
2003:	_Jan (179)	_Feb (222)	_Mar (256)	_Apr (167)	_May (139)	_Jun (145)	_Jul (113)	_Aug (259)	_Sep (146)	_Oct (124)	_Nov (143)	_Dec (66)
2004:	_Jan (58)	_Feb (128)	_Mar (193)	_Apr (228)	_May (111)	_Jun (107)	_Jul (93)	_Aug (78)	_Sep (48)	_Oct (99)	_Nov (104)	_Dec (119)
2005:	_Jan (115)	_Feb (124)	_Mar (86)	_Apr (41)	_May (52)	_Jun (21)	_Jul (32)	_Aug (14)	_Sep (52)	_Oct (30)	_Nov (19)	_Dec (19)
2006:	_Jan (43)	_Feb (35)	_Mar (68)	_Apr (21)	_May (38)	_Jun (46)	_Jul (19)	_Aug (38)	_Sep (58)	_Oct (15)	_Nov (12)	_Dec (30)
2007:	_Jan (49)	_Feb (23)	_Mar (29)	_Apr (19)	_May (33)	_Jun (4)	_Jul (10)	_Aug (26)	_Sep (2)	_Oct (9)	_Nov (1)	_Dec (21)
2008:	_Jan (15)	_Feb (3)	_Mar (10)	_Apr (8)	_May (4)	_Jun (2)	_Jul (2)	_Aug	_Sep	_Oct (2)	_Nov (13)	_Dec
2009:	_Jan (11)	_Feb (4)	_Mar	_Apr (6)	_May	_Jun (16)	_Jul (1)	_Aug	_Sep	_Oct	_Nov	_Dec (9)
2010:	_Jan (6)	_Feb (4)	_Mar (2)	_Apr (12)	_May (20)	_Jun (9)	_Jul (7)	_Aug	_Sep (1)	_Oct (5)	_Nov	_Dec (4)
2011:	_Jan	_Feb	_Mar (10)	_Apr	_May	_Jun	_Jul (9)	_Aug (2)	_Sep	_Oct	_Nov	_Dec
2012:	_Jan (2)	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep (6)	_Oct (3)	_Nov (8)	_Dec (11)
2013:	_Jan (1)	_Feb (1)	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
				1	2	3
				(3)	(6)	(1)
4	5	6	7	8	9	10
(1)		(8)	(11)	(8)	(11)	(1)
11	12	13	14	15	16	17
(1)	(3)		(6)	(3)	(17)	(1)
18	19	20	21	22	23	24
	(9)	(12)	(10)	(4)	(1)	(7)
25	26	27	28	29	30	31
	(2)		(2)	(8)	(2)	(1)

Re: [Webware-discuss] A "batch" Server? or, how can I cache WK HTML?

From: Frank Barknecht <fbar@fo...> - 2003-05-15 22:08

Hallo,
Costas Malamas hat gesagt: // Costas Malamas wrote:

> I've been toying with an idea to improve performance of my WK app.  Is it 
> possible to create a "batch" Server, i.e. a Server class that can take the 
> place of e.g. OneShotAdapter, assume some generic HTTP request parameters 
> and just dump self.writeln() output to stdout or a file?  Basically, I'd 
> like to do two things: a) generate HTML using existing WK code to create 
> static pages that can be offloaded off to Apache instead of WK, b) generate 
> HTML using my existing WK code to create things like canned e-mail messages.

You probably use a lot of "self.writeln()" calls (we all do). You
could replace this with a function or an object that is enabled to do
different kinds of output. Like (python-like pseudo-code):

class SitePage(Page):

	def emit(self, text):
		self.writeln(text)

	def writeContent(self):
		self.emit("Welcome foo bar...")

Just change _emit() to write to a file instead:

class FilePage(SitePage):
	def emit(self, text):
		self.writeToFileSomehow(text)

Or redefine self.writeln directly.

Another approach for better performance is caching, either inside
Webware or outside. We use Squid with great success as accelerating
proxy.

ciao
-- 
 Frank Barknecht                               _ ______footils.org__

Re: [Webware-discuss] RFC: experiment class with attribute-level security

From: Matt Feifarek <matt@da...> - 2003-05-15 20:34

Terrel Shumway wrote:

>"credential" is a term normally used in *authentication* -- verifying that an
>actor is who he claims to be.
>
>What we are dealing with is *authorization* -- verifying that the authenticated
>user is allowed to perform a particular action on a particular object.
>"permission" and "access control list" are more appropriate names.
>  
>
Excellent point. I agree completely.

>There is no shorcut.  Any authorization problem reduces eventually to a boolean
>function of three elements.
>
>   1) the actor
>   2) the action
>   3) the recipient (acted upon)
>
>Whether that function is defined in code or in a table, it still has to exist.
>  
>
Thanks for your additional comments on this matter; I agree with you. My 
partner and I have been around and around on how to "hide" this logic, 
and which part of the system should handle it. Your clear description 
should be useful for our discussion.

>  
>

Re: [Webware-discuss] RFC: experiment class with attribute-level security

From: Matt Feifarek <matt@da...> - 2003-05-15 20:47

Max Ischenko wrote:

>IMHO, embedding credential system into data classes is solving the wrong
>problem. Security policy should operate on quite different (and higher)
>level instead of controlling access to object's bits. "code access
>security" feels mostly like a marketing buzzword to me.
>  
>
We've been running a system for a year or so that chiefly has page-level 
security. We also use the Ww actions() code to define roles/actions, but 
it's been somewhat unsatisfactory.

I agree that code-level security is most often moot, but I figured if it 
could be that low-level, it could also be higher level. Rather than 
controlling a given CMS object, one could control a collection of them 
or something like that.

I'm not interesting in buzzwords, and wasn't even aware that .NET was 
doing that. I'm trying to make it so servlets don't have to deal with 
security when retrieving/painting/editing objects.

>I've built simple role-based security when access to a web page is
>granted based on user's credentials and access policy for that page
>(thru the config file). Code excerpts are given below.
>

>class User:
>
>	"""
>	Represents a user of the system.
>
>	A user is identified by it's name, authenticated by password and can
>	"play" one or more "roles".
>
>	Users are managed by the L{UserManager}.
>	"""
>
>	def __init__(self, mgr, name, roles=[]):
>		self.mgr = mgr
>		self.name = name
>		self.roles = roles
>	def isLoggedIn(self):
>		return self.mgr.isLoggedIn(self)
>	def getName(self):
>		return self.name
>	def playsRole(self, role):
>		return (role in self.roles)
>	def __str__(self):
>		return "<User %s>" % self.name
>  
>
Where is self.roles() and what does it look like? (if you don't mind me 
asking)

Seems like you fundamentally have a lookup table that corresponds to 
users and pages; I need finer control than that. But thanks for the 
lead; I'll look up the .NET stuff.