i dont really know if this is the proper forum... but forgive me for this question... security wise, which one is better... java or python??? ------------------------------------------------------------ ronald ali l. mangaliag computer applications department saint louis university 2600 baguio city, philippines ------------------------------------------------------------ ------------------------------------------------ E-mail service provided by SLUNET Saint Louis University ( http://www.slu.edu.ph ) ------------------------------------------------
At 01:59 PM 9/7/2002 +0800, Ronald Mangaliag wrote:
i dont really know if this is the proper forum... but forgive me for this question...
security wise, which one is better... java or python???
Depends in part what you mean by security. Some kinds of security are more the responsibility of the operating system kernel than the responsibility of any particular process designed for user space. Certainly Java has lots more built in security classes, inherited by the Applet class and so on. It was designed from the ground up to allow clients to safely download and run code over the internet. One shouldn't be lulled into complacency though: standalone Java programs have as much power to be malicious as any. That's where a certification authority comes in: you want to know where a program came from, and whether to trust this source, before you give it the OK to run on your CPU. But maybe that's not what you meant be security. If you're running your programs on the server side, then Python may be the way to go. Python is often used in-house, where employees mostly trust one another not to be malicious. If you mangle class methods or properties to make them private, it's more to make the code readable/understandable, than it is to frustrate some would-be cracker. Kirby
thanks kirby.... i'm in the process of making a simple database project to be run in a local server... no one uses python here... i guess, i'm the only one... :) i would like to have some "bullets" or facts to convince them to use python on the server side instead of java servlets... our main concern right now is the security of python in a networked environment... i am new to python and certainly new to java... what could be my guidelines so that at least i can convince them to use python... though i'm a certified pythoniac... i really need resources to convince my colleagues... thanks in advance... Quoting Kirby Urner <urnerk@qwest.net>:
i dont really know if this is the proper forum... but forgive me for
At 01:59 PM 9/7/2002 +0800, Ronald Mangaliag wrote: this
question...
security wise, which one is better... java or python???
Depends in part what you mean by security. Some kinds of security are more the responsibility of the operating system kernel than the responsibility of any particular process designed for user space.
Certainly Java has lots more built in security classes, inherited by the Applet class and so on. It was designed from the ground up to allow clients to safely download and run code over the internet.
One shouldn't be lulled into complacency though: standalone Java programs have as much power to be malicious as any. That's where a certification authority comes in: you want to know where a program came from, and whether to trust this source, before you give it the OK to run on your CPU.
But maybe that's not what you meant be security.
If you're running your programs on the server side, then Python may be the way to go.
Python is often used in-house, where employees mostly trust one another not to be malicious. If you mangle class methods or properties to make them private, it's more to make the code readable/understandable, than it is to frustrate some would-be cracker.
Kirby
------------------------------------------------------------ ronald ali l. mangaliag computer applications department saint louis university 2600 baguio city, philippines ------------------------------------------------------------ ------------------------------------------------ E-mail service provided by SLUNET Saint Louis University ( http://www.slu.edu.ph ) ------------------------------------------------
what could be my guidelines so that at least i can convince them to use python... though i'm a certified pythoniac... i really need resources to convince my colleagues...
http://www.python.org/Quotes.html Jython http://www.jython.org/ http://www.onjava.com/pub/a/onjava/2002/03/27/jython.html http://www.onlamp.com/pub/a/python/2002/04/11/jythontips.html http://www.oreilly.com/catalog/jythoness/ http://www.ssec.wisc.edu/~billh/visad.html Comparing Python to Other Languages [Guido van Rossum] http://python.org/doc/essays/comparisons.html Python vs. Java http://trident.mcs.kent.edu/~arvind/graduate-reports/jzhu.html A subjective analysis of two high-level, object-oriented languages Comparing Python to Java http://www.python-eggs.org/links.html Thinking in Python http://www.mindview.net/Books/Python/ThinkingInPython.html Python 9: Interview with Bruce Eckel After mastering the complexities of C++ and Java -and making them easy to grasp for thousands of programmers- Bruce Eckel has moved on to Python. He describes the language and its strengths in light of his experience with other languages and tools. Dr. Dobbs Technetcast [RealVideo stream] http://technetcast.ddj.com/tnc_play.ram?mode=compact&stream_id=466&stream_type=5 &clip_start=&clip_end=&style= Zope http://www.zope.org/ Resources http://www.vex.net/parnassus/ http://py.vaults.ca/~x/parnassus/apyllo.py/126307487 More Resources [links on a single page] http://www.python-eggs.org/links.html eGenix.com mx BASE Package: http://www.egenix.com/files/python/index.html Why I Promote Python by Paul Prescod http://www.oreilly.com/news/prescod_0300.html Google's Gaffe by Paul Prescod April 24, 2002 Extended discussion "...Later I will show a way to declare the types strongly and statically enough to satisfy the most ardent Java or C# masochist" http://www.xml.com/pub/a/2002/04/24/google.html hth ./Jason
A subjective analysis of two high-level, object-oriented languages Comparing Python to Java http://www.python-eggs.org/links.html
oops: cut'n'paste error there here is the correct url: A subjective analysis of two high-level, object-oriented languages Comparing Python to Java http://twistedmatrix.com/users/glyph/rant/python-vs-java.html Also you may want to read about the brilliant 'Twisted Matrix' framework and discuss it with your colleagues. It may be overkill for your current application, but it's very powerful and flexible. And a great testimony to Python's charms and capability in network applications. Written by people who worked with Zope [zope.org], and then graduated to develop something more open, with deeper interoperability ;-) This is one of the points stressed by Bruce Eckel in the Dr. Dobb's 2001 interview. http://technetcast.ddj.com/tnc_play.ram?mode=compact&stream_id=466&stream_type=5 &clip_start=&clip_end=&style= Python has rich landscape of contributed modules and frameworks. It does not demand you stay rigidly with any particular solution domain. With Python your are always free to engage other languages, components and toolkits according to your need, skill, and style. This is important when there is a mixed development team with preferred or legacy code to absorb and extend. Python has a rich ,loving family: It is supported by one of the best openSource, on-line communities anywhere. High signal-to-noise, smart and generous. And its growing... comp.lang.python http://starship.python.net/~just/comp.lang.python/ <quote> 'Twisted Matrix' - A Development Tool Twisted is a framework, written in Python, for writing networked applications. It includes implementations of a number of commonly used network services such as a web server, an IRC chat server, a mail server, a relational database interface and an object broker. Developers can build applications using all of these services as well as custom services that they write themselves. Twisted also includes a user authentication system that controls access to services and provides services with user context information to implement their own security models. Twisted provides important features needed for networking programming, both at the high and low levels: Pluggable event loops allowing the developer to take advantage of platform-specific capabilities. Abstractions of protocols and transports. Through Twisted Spread, mechanisms for network encoding of data (in Python, Java, ELisp, and other languages), to a full-blown distributed object system. </quote> ./Jason
I have recently been exploring the wonders of file upload via HTTP using enctype="multipart/form-data". Spyce has the *sweetest* solution yet: -- "fileupload.spy"-- [[\ if request.post('ct'): response.setContentType(request.post1('ct')) response.write(request.file('upfile').value) raise spyce.spyceDone ]] <html><body> Upload a file and it will be sent back to you.<br> [[-- input forms --]] <hr> <table> <form action="[[=request.uri('path')]]" method=post enctype="multipart/form-data"> <tr> <td>file:</td> <td><input type=file name=upfile></td> </tr><tr> <td>content-type:</td> <td><input type=text name=ct value="text/html"></td> </tr><tr> <td><input type=submit value=ok></td> </tr> </form> </table> </body></html> That's all folks! ./Jason
Python Server Pages There are many Python Server Pages toolkits to choose from. 'Spyce' is one of them... It's new and looks very nice. The site is helpful and very clear. So even if you don't use Spyce, but are consdering Python Server pages, it would time well spent. Includes short focused comparisons with other langauge offerings. [ =>> bullet points] http://spyce.sourceforge.net/ "SPYCE is a webserver plugin that supports simple and efficient Python-based dynamic HTML scripting. Those who like Python and are familiar with JSP, or PHP, or ASP, should have a look at this engine. It allows one to generate dynamic HTML content just as easily, using Python for the dynamic parts. Its modular design makes it very flexible and extensible. It supports FastCGI, CGI and mod_python to plugin into Apache and most other webservers. It can also be used as a command-line utility for HTML pre-processing or as a web server proxy. The easiest way to understand what Spyce can do is just to look through the examples in the documentation." http://spyce.sourceforge.net/doc_eg.html ... "Java Server Pages, JSP, is a widely popular, effective and well-supported solution based on Java Servlet technology. Spyce differs from JSP in that it embeds Python code among the HTML, thus providing two advantages over Java. First, Python is a high-level scripting language, where rapid manipulation of text is more readily performed. Second, Python is interpreted and dynamically-typed, which can be advantageous for rapid prototyping. Like Java, Python is portable." ... Performance "Although flexibility usually outweighs raw performance in the choice of technology, it is nice to know that the technology that you have chosen is not a resource hog, and can scale to large production sites. The current Spyce implementation is comparable to its cousin technologies: JSP, PHP and ASP." http://spyce.sourceforge.net/doc_perf.html ./Jason
thank you very much for your help... Quoting Jason Cunliffe <jason.cunliffe@verizon.net>:
Python Server Pages
There are many Python Server Pages toolkits to choose from. 'Spyce' is one of them... It's new and looks very nice. The site is helpful and very clear. So even if you don't use Spyce, but are consdering Python Server pages, it would time well spent. Includes short focused comparisons with other langauge offerings. [ =>> bullet points]
"SPYCE is a webserver plugin that supports simple and efficient Python-based dynamic HTML scripting. Those who like Python and are familiar with JSP, or PHP, or ASP, should have a look at this engine. It allows one to generate dynamic HTML content just as easily, using Python for the dynamic parts. Its modular design makes it very flexible and extensible. It supports FastCGI, CGI and mod_python to plugin into Apache and most other webservers. It can also be used as a command-line utility for HTML pre-processing or as a web server proxy. The easiest way to understand what Spyce can do is just to look through the examples in the documentation."
http://spyce.sourceforge.net/doc_eg.html ...
"Java Server Pages, JSP, is a widely popular, effective and well-supported solution based on Java Servlet technology. Spyce differs from JSP in that it embeds Python code among the HTML, thus providing two advantages over Java. First, Python is a high-level scripting language, where rapid manipulation of text is more readily performed. Second, Python is interpreted and dynamically-typed, which can be advantageous for rapid prototyping. Like Java, Python is portable."
... Performance "Although flexibility usually outweighs raw performance in the choice of technology, it is nice to know that the technology that you have chosen is not a resource hog, and can scale to large production sites. The current Spyce implementation is comparable to its cousin technologies: JSP, PHP and ASP." http://spyce.sourceforge.net/doc_perf.html
./Jason
_______________________________________________ Edu-sig mailing list Edu-sig@python.org http://mail.python.org/mailman/listinfo/edu-sig
------------------------------------------------------------ ronald ali l. mangaliag computer applications department saint louis university 2600 baguio city, philippines ------------------------------------------------------------ ------------------------------------------------ E-mail service provided by SLUNET Saint Louis University ( http://www.slu.edu.ph ) ------------------------------------------------
hi.... it's me again... i would like to create a small database to record all my students' profiles and and the current subject that they are enrolled in... now, i would like to create an interface for my students to upload their projects to a common place using the web (http possibly)... how will i go about the project??? what is the best server that i can use??? what database will i use (access, gadfly, etc)??? other things things that you think is necessary??? ------------------------------------------------ E-mail service provided by SLUNET Saint Louis University ( http://www.slu.edu.ph ) ------------------------------------------------
I think you should definitely look into Zope http://zope.org Jeff Elkner is using it I believe at Yorktown High School. Python Bibliotheca "The school fell in love with Zope as tool for building websites." http://www.ibiblio.org/obp/pyBiblio/schools.php
i would like to create a small database to record all my students' profiles and and the current subject that they are enrolled in...
Zope includes a persistent object-database and a server which publishes the database adn its methods to the web via a standard URL. All or parts of the ZODB [Zope Object DataBase] can be imported and exported as a single binary file. This same file works across operating systems. There are a number of other database components you can select depending on need. Also write your own and access any Python module. I had good resutsl using BerkelyDB on project. It's fast and a good fit to Python because of its dictionary design. The ZODB has been spun off from Zope for general Python use also, and well documented by Andrew Kuchling and others: http://www.zope.org/Documentation/Articles/ZODB1 http://www.zope.org/Products/StandaloneZODB
now, i would like to create an interface for my students to upload their projects to a common place using the web (http possibly)...
Zope let's you manage onctent with powerful permissions hierrchy. That includes upload via standard HTTP forms or with FTP. FTP puts you directly into the object database and is faster. The defautl Zope system is all done through the web. A wonderful complementary tool is Jerome Alet's ZShell which gives one simple Unix type shell access to managing Zope. I think it may be Zope's best kept secret. Don't leave home without it: http://www.librelogiciel.com/software/ZShell/action_Presentation
how will i go about the project??? what is the best server that i can use??? what database will i use (access, gadfly, etc)??? other things things that you think is necessary???
Zope is rich and complex, and growing. But you can do a tremendous amount straight out the box without end for any custom development. It has many components you can chose from. And an intense on-line community using and developing it. Each with their own wikis and mailing lists. Some people consider Zope overkill, or just don't feel right with it. It's free, openSource, cross platform, and installs very quickly on any machine. So it won't take you long to go for test drive and decide for yourself. There are several books out and many on-line docs and tutorials. An embarrassment of riches, like most of the Python world. ./Jason
Zope definitely rocks! I am using it not only at school, but for a number of community organization websites that I've helped set up. This year I plan to run a "paperless classroom", so the first thing that students are learning is how to use their Zope accounts. jeff elkner yorktown high school arlington, va On Mon, 2002-09-09 at 07:46, Jason Cunliffe wrote:
I think you should definitely look into Zope http://zope.org
Jeff Elkner is using it I believe at Yorktown High School.
Python Bibliotheca "The school fell in love with Zope as tool for building websites." http://www.ibiblio.org/obp/pyBiblio/schools.php
i would like to create a small database to record all my students' profiles and and the current subject that they are enrolled in...
Zope includes a persistent object-database and a server which publishes the database adn its methods to the web via a standard URL. All or parts of the ZODB [Zope Object DataBase] can be imported and exported as a single binary file. This same file works across operating systems. There are a number of other database components you can select depending on need. Also write your own and access any Python module. I had good resutsl using BerkelyDB on project. It's fast and a good fit to Python because of its dictionary design. The ZODB has been spun off from Zope for general Python use also, and well documented by Andrew Kuchling and others: http://www.zope.org/Documentation/Articles/ZODB1 http://www.zope.org/Products/StandaloneZODB
now, i would like to create an interface for my students to upload their projects to a common place using the web (http possibly)...
Zope let's you manage onctent with powerful permissions hierrchy. That includes upload via standard HTTP forms or with FTP. FTP puts you directly into the object database and is faster. The defautl Zope system is all done through the web.
A wonderful complementary tool is Jerome Alet's ZShell which gives one simple Unix type shell access to managing Zope. I think it may be Zope's best kept secret. Don't leave home without it: http://www.librelogiciel.com/software/ZShell/action_Presentation
how will i go about the project??? what is the best server that i can use??? what database will i use (access, gadfly, etc)??? other things things that you think is necessary???
Zope is rich and complex, and growing. But you can do a tremendous amount straight out the box without end for any custom development. It has many components you can chose from. And an intense on-line community using and developing it. Each with their own wikis and mailing lists. Some people consider Zope overkill, or just don't feel right with it. It's free, openSource, cross platform, and installs very quickly on any machine. So it won't take you long to go for test drive and decide for yourself. There are several books out and many on-line docs and tutorials. An embarrassment of riches, like most of the Python world.
./Jason
_______________________________________________ Edu-sig mailing list Edu-sig@python.org http://mail.python.org/mailman/listinfo/edu-sig
Zope definitely rocks! I am using it not only at school, but for a number of community organization websites that I've helped set up.
Zope not only rocks but it is quite addictive. I am a recovering Zopaholic ;-)
This year I plan to run a "paperless classroom", so the first thing that students are learning is how to use their Zope accounts.
Sounds interesting. Please keep us posted and good luck ./Jason
Zope at YorkTown http://linus.yorktown.arlington.k12.va.us/CS/
participants (4)
-
Jason Cunliffe -
Jeffrey Elkner -
Kirby Urner -
Ronald Mangaliag