Mailman 3 October 2008 - Twisted-web

Test
by Philippe Lafoucrière 05 Aug '21

05 Aug '21

Hi all just a test

3 2

Athena & browser 2-connection limit
by Harald Blåtand 17 Dec '08

17 Dec '08

Hi there, Been thinking about this. It _would_ be cool if you could have more than one LivePage per browser session, like in popups, or even frames. What do you think: Is there any obvious & fundamental reason why the ReliableMessageDelivery stuff couldn't be modified, so that one instance of it could be shared between several PageWidgets? Harald

6 19

Deferreds and Loops
by hancock.robert＠gmail.com 21 Oct '08

21 Oct '08

I want to get the contents of a list of URLs, and if the getPage is successful then I want to write it to a file. If it fails, I want to log a message. In addition, I would like to have this process run every five minutes. The problem is how to specify a yes/no scenario when the callbacks take arguments. Also, is the best way to loop to just put FeederProtocol.start() in a loop? any ehlp would be greatly appreciated. while true: get page if error: log else: write to file sleep 5 minutes class FeederProtocol(object): def get_page_error(self, _failure, log, feed_name): """ Failure while getting page. """ msg = 'While getting %s: %s' % (feed_name, _failure.getTraceback()) log.error(msg) _failure.trap(RuntimeError) # Caused chain to stop raise(RuntimeError) get_page(url): return client.getPage(url, timeout=30) def page_to_file(self, feed, name): try: fnout = os.path.join(app_conf['download_dir'], name) fout = open(fnout, 'w') except IOError, e: log.error('Opening %s: %s' % (fnout, e)) return try: fout.write(feed) except IOError, e: log.error('Wrting to %s: %s' % (fnout, e)) finally: fout.close() def start(self, urls): for url in urls: d = defer.succeed(self.printStatus()) d.addCallback(self.get_page, feed, log, app_conf) d.addCallbacks((self.page_to_file, log, app_conf), (self.get_page_error, log, feed[0])) class FeederFactory(protocol.ClientFactory): protocol = FeederProtocol() def __init__(self, url_list): urls = url_list self.start(self.urls) def start(self, urls): protocol.start(urls) if __name__=="__main__": name = 'mytest' urls = ['www.example.com', 'www.example2.com'] f = FeederFactory(urls) reactor.run()

2 1

integrating asynqueue
by Martin Bright 20 Oct '08

20 Oct '08

Hi! Has anyone successfully incorporated asynqueue (http://foss.eepatents.com/trac/AsynQueue/wiki) into their twisted web app? I'm trying to include it as a part of a service, and it doesn't seem to be consuming any jobs. Any pointers would be greatly appreciated. -martin

1 0

how to make output file include xml declaration in nevow web framework?
by Boern 13 Oct '08

13 Oct '08

Hi,all: I am a newbie for nevow and now I write a wap page ,but the output file don`t include xml declaration ,eg: <?xml version="1.0" encoding="utf-8"?> . how to resolve ? my wap browser need it to parse the xml context and how I make output file include xml declaration? -- Boern Parx

2 1

how I make output file include xml declaration ?
by Boern 13 Oct '08

13 Oct '08

Hi,all: I am a newbie for nevow and now I write a wap page ,but the output file don`t include xml declaration ,eg: <?xml version="1.0" encoding="utf-8"?> . how to resolve ? my wap browser need it to parse the xml context and how I make output file include xml declaration? -- Boern Parx

1 0

Tests in #3384 fix
by Aaron DeVore 11 Oct '08

11 Oct '08

I am working on completing the patch for ticket #3384 (HTTPClientFactory should follow relative redirects). The actual code is complete but the tests are not. I need some input as to how many tests I should write. If I write a test for every possible case I would have about 10 new tests and 40 new lines of code. The tests would be a mix of the following: - Absolute path (starts at the root directory on the server) versus relative path (starts at the current directory) - With(out) a trailing slash in factory.url - With(out) non-path component (a mix of param, query, and fragment as returned by urlparse.urlparse) Should I be this thorough? -Aaron

2 2

multiple sessions on same host:port
by Federico Tomassini 07 Oct '08

07 Oct '08

Hello, I'm wondering about the chance to create multiple sessions with guard, on the same host:port. The idea is: i set up an apache proxy that, depending on the first segment of the url requested (/foo or /bar, for example) will forward client requests on different twisted-nevow applications, running behind. Now, it seems to be a good idea, because the root resource associated with each request will depend on the first segment. The problem is: each twisted-nevow application will want to create a cookie to handle the session. Being these cookies related to the same host:port, the different twisted-nevow applications will be in conflict, maybe overwriting the cookies created by their friends. Is this correct? Or cookies depend on the url? Are browsers aligned on cookies handling? Or is it possible to expect a different behaviour from different clients? -- efphe Today is Setting Orange, the 61st day of Bureaucracy in the YOLD 3174

2 2

Session class
by Maarten ter Huurne 03 Oct '08

03 Oct '08

Hi, I was looking at twisted.web.server.Session recently and the way session timeouts work. The values of sessionCheckTime and sessionTimeout are not tied together in any way. This means that if you increase the sessionTimeout, session expiry is checked uncessarily often (although one check per 30 minutes is not likely to become a performance problem). In the opposite case, sessions with a short sessionTimeout will not be expired faster than the sessionCheckTime. The Request.getSession() method does not check whether the session has already expired. Also, it calls Session.touch(), so if the session was past its sessionTimeout but before the sessionCheckTime, it will be revived. None of this is a critical problem, but it does feel a bit strange. Is the current design motivated by something I haven't understood yet, or is it something that works well enough in typical use even though it has some unexpected special cases? While reading the implementation of Session, I was wondering about the security aspects of it. Currently, Request.getSession() returns a cookie that is not marked as secure, even if the request was made over HTTPS. This means that for example someone in control of a WiFi access point can trick the browser into sending the session cookie unencrypted. Is this indeed the case? And if so, what is the way to fix it: should people requiring secure cookies avoid the Session class, or should a notion of a "secure session" be added to the Session class? I was also wondering about the session UID. This UID is generated from a random number (from Python's Mersenne Twister) and a counter. Then an MD5 sum is computed over the string representation of both. If the same Python process uses the same random generator (global instance from the "random" module) for outputting non-hashed values as well, an attacker would be able to learn the current state of the random generator and predict the next random number. Since the counter is also predictable, guessing the next session UID would be simple. Is the UID intended to be secure, or is it only intended to have a low chance of collisions with other UIDs? If it is intended to be secure, one way of fixing it would be to use a secure random generator for generating the UID. However, secure random generators depend on external entropy, which might take some time to acquire. This would make the UID generation a potentially blocking operation, which would require Request.getSession() to return the session via a deferred instead of directly. A possible way to reduce UID predictability is to instantiate a random generator which is used only for creating UIDs, instead of using a shared instance. Since all outputs based on these random numbers are hashed, it will be much harder to predict the state of the random generator. My crypto knowledge is not sufficient though to say whether this would make it secure or just less insecure. Bye, Maarten

4 5

Twisted-web October 2008