Mailman 3 August 2003 - Twisted

[Twisted-Python] Twisted Python 0.7.0 Prerelease Testing
by Glyph Lefkowitz 05 Aug '21

05 Aug '21

hi there, folks: I'd really like to release 0.7.0 but I would like it to be at least a little bit tested before I do so. Could those of you with CVS trees check everything out and see if it performs as advertised? Deeper bugs than that will have to wait for the next release, but I'd at least like to know if it works for someone other than me. Thanks. ______ __ __ _____ _ _ | ____ | \_/ |_____] |_____| |_____| |_____ | | | | @ t w i s t e d m a t r i x . c o m http://www.twistedmatrix.com/~glyph/

4 5

[Twisted-Python] Re: [Twisted-commits] log stderr and non-zero exit code in CGIs, don't show info to users as it is a security risk (closes issue #241)
by Glyph Lefkowitz 31 Dec '03

31 Dec '03

On Thursday, August 28, 2003, at 10:32 AM, itamarst CVS wrote: > log stderr and non-zero exit code in CGIs, don't show info to users as > it is a security risk (closes issue #241) We shouldn't swallow errors in these situations. If it's a security risk, provide a way for the server administrator to turn it off, but this is a _bad_ default. If you doubt the wisdom of making this default, please consult any number of Perl FAQs of the form: Q. "I wrote a CGI and it works perfectly, but now I moved it to another server and I get nothing but a "500 Internal Server Error" page. How do I tell what went wrong!?!?!?" A. Look in your apache logs. --- Q. "I looked at my apache logs and nothing makes sense! How do I tell what the error was??!" A. ... Also, could you clarify the security risk of displaying stderr from CGI scripts? I've never heard of a CGI that puts security-critical information on stderr rather than stdout and makes it a risk to display to users.

2 4

[Twisted-Python] error in pollreactor.py
by Eric C. Newton 31 Aug '03

31 Aug '03

Method _dictRemove of pollreactor.py: def _dictRemove(self, selectable, mdict): try: # the easy way fd = reader.fileno() except: # the hard way: necessary because fileno() may disappear at any # moment, thanks to python's underlying sockets impl for fd, fdes in selectables.items(): if selectable is fdes: break else: # Hmm, maybe not the right course of action? This method can't # fail, because it happens inside error detection... return if mdict.has_key(fd): del mdict[fd] self._updateRegistration(fd) First, "reader.fileno()" is just not going to work because there is no variable "reader" in the scope. This error is hidden by the all-encompassing except clause. Second, this comment about fileno() disappearing... I don't believe it. Does anyone know if this is really true? Code works (in my limited tests) if changed to: def _dictRemove(self, selectable, mdict): fd = selectable.fileno() if mdict.has_key(fd): del mdict[fd] self._updateRegistration(fd) -Eric

2 1

[Twisted-Python] Twisted sure is Twisted :)
by John Janecek 31 Aug '03

31 Aug '03

Twisted once u get a grip on it sure is pretty impressive. I used twisted to forward UDP packets as a relay. Take one UDP packet and then retrans it to many other clients. On a FreeBSD box P3 750 the delay in retrans on packet to like 5 clients was less then 1ms which was very impressive. In using twisted i know the reactor is broken in wxpython. What would happen if u ran a normal reactor in a seperate thread, and then passed the info from twisted into wxpython using an event handler similar to the wxpython thread demo ?? The only problem with that is i can not see how u would pass info from wxpython back into twisted. Hmmmm maybe if u made a queue, and then passed the commands onto a queue and then the reactor would pull them off. Something to ponder :). Solution on ActiveState cookbook will work, but i do not like timers. The idea behind deferred is intresting. The defered call back does not seem to fire until it is added. How the heck does that work ? I am refering to the database example. Hmmmm not really important but kinda neat. def getAge(user): return dbpool.runQuery("SELECT age FROM users WHERE name = ?", user) def printResult(l): if l: print l[0][0], "years old" else: print "No such user" d=getAge("joe") d.addCallback(printResult) like here d is the function getAge. My gut instict tell me the moment I call getAge the database query should be run. But yet it is not run till u add the callback. and if i add an errorback after it, it is not run till it has been added also, I can not see how it works :)). Hmmmm must be part of the magic :)) Starting to look into woven. Basic examples are impressive. It is a real object oriented web design. In the sandbox on CVS in the directory glyph there is an example on forms. I am unable to get it to work. It runs but eveytime I try and make it work I get in my browser the error no such child resource. I guess I have to keep pluggin away at it :). My limited experience shows i need to change my thinking, since twisted is not a "API" system like PHP, but more of a framework. Maybe it would help if i drank a bottle of vodka first :) I guess the only complaint i have about twisted is lack of woven examples, like for forms and guard. But heya it is opensource and free, so if i do not like it I can use some crappy comercial product :)). Anyways Twisted is really cool. A lot of it seems to be very magical :). Pondering whether I should get rid of my apache server and run a twisted one :)). Anyway this is the crap i ramble off at 4 am :) Just basically wanted to say twisted is cool.

2 1

[Twisted-Python] Plain text password with PB authentication?
by Boersma, Matt 30 Aug '03

30 Aug '03

First, thanks to Itamar for nudging me in the right direction. I never thought of looking at the unit tests for documentation, but so far that's the clearest explanation of the new PBServerFactory stuff I've seen. Here's my problem. I have a PB client that calls login against the server, with a UsernamePassword object as credentials. PB sets up for me nice default implementations of the authentication mechanisms, but refuses to send the actual password to the server, only a doubly MD5-hashed version of same. No! Stop your flames! Trading only hashes across the wire makes perfect sense--in most cases. I fully understand, and I've written nearly identical Java code recently to do the same. But...in this case I want simply to delegate the actual authentication on the server side to an Oracle login. That is, if I can get a SQLConnectionPool with the given username and password and execute a test query, then the user is considered authenticated. This requires that the server have the actual password, not its hash. (Oracle doesn't appear to support anything besides clear text login, at least through the cx_Oracle and DCOracle2 APIs.) So my options are: - Create subclasses of PBClientFactory, CredentialsChecker, perhaps others, purely to undo the strict md5-hashing behavior of PB instead supply the clear text password. - Leave the existing authentication as-is and create a dummy CredentialsChecker that always allows login. Then do the "real" authentication in a secondary method the client is required to call. Which of these two ugly approaches is more Twisted? This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.

3 2

[Twisted-Python] DeferredList failure accumulation
by Justin Johnson 29 Aug '03

29 Aug '03

I've been doing a lot with DeferredList's lately and just want to make sure I'm doing things the "right" way. There a couple different situations where I want to report errors in Deferred's that are added to a DeferredList. 1) I define a remote_status method on the PB client that initiates the request. The PB server calls the remote_status method on the client to update the status for the particular task and redisplay the grid below, and if the status if a failure, passes the failure as an argument which gets added to an overall list of failures that are displayed nicely when all tasks are complete. | 1 | 2 | 3 | 4 | status ---------------------------------- job1 | S | S | S | S | success ---------------------------------- job2 | S | F | S | F | failure ---------------------------------- Failures ---------------------------------- Task: job2 Step: step2 Failure: blah blah blah Task: job2 Step: step4 Failure: blah blah blah 2) If the DeferredList is used in a general class that represents some data type worked on by the PB server, have each Deferred have an errback that adds its errors into a list of errors. Then add a callback to the entire DeferredList that checks to see if there are any accumulated failures. If it finds failures, it errback's with a list of the failure objects represented as strings so we don't have to deal with InsecureJelly problems. Does this sound like an alright way to do this? Anyone have any suggestions at improving this? Thanks. -Justin

1 0

[Twisted-Python] New PB API example?
by Boersma, Matt 29 Aug '03

29 Aug '03

Howdy twisters, I'm writing a Perspective Broker client-server app. Things have been working fine, but as of recent Twisted builds (1.07 alpha 5?), my server code warns me that code like this: app = Application('myserver') app.listenTCP(8789, BrokerFactory(MyServer())) app.run() is deprecated. Specifically, that I should replace BrokerFactory with PBServerFactory. So I have plunged into catching up with this new API. And I'm heavily confused. All the existing HOWTOs and pbxxxx.py examples still use (deprecated) code as above. And even after searching the mailing list and re-reading the PB tutorials, I'm not getting it. I'd like my client to use PBClientFactory.login, and for the server to authorize the client by logging in to an Oracle database and running a test query. (Credentials in this case map directly to Oracle username/passwords--don't flame me, I inherited this system.) Then the client receives a remotely callable Perspective specific to his or her role in this system. I'm specifically unclear as to how to use my Authorizer subclass, and if I need to create a Portal subclass and plug it in to PBServerFactory. If anyone has even a trivial example of how to use the new PB cred APIs, I'd be very grateful if you could share it with me. This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.

2 1

[Twisted-Python] Woven dynamic table, patterns and idioms wanted.
by Syver Enstad 29 Aug '03

29 Aug '03

I am finally beginning to grasp woven, but I have a bit of code in my woven application that seems to reimplement views and would like some advice on how to avoid that. The scenerio is as follows: I have a table with a header and a rows where each row present an object. I use view="List" but I can't specify each attribute in the object as a column in the table with model and view because these are dynamic. In a static solution this would look something like this: <table model="myModel" view="List"> <tr pattern="listItem"> <td model="anAttribute" view="Text" /> <td model="anotherAttribute" view="Date" /> <td model="aThirdAttribute" view="Money" /> </tr> </table> The solution that I use now which works okay is to just specify a custom view on the whole object (for each row) and use that view to generate the xml, including custom formatting and so on. This means that I basically reimplement the woven view functionality. What I have now is something like this: <table model="myModel" view="List"> <tr pattern="listItem" view="myCustomTableRowView"/> </table> Where myCustomTableRowView basically loops through a table listing the required fields and formatting for this kind of object, creates a td for each of them, formats the data. My naive take on this would be to be able to specify model and view attributes on the xml I generate, but when I tried this it wouldn't work, I guess it is to late in the process to do so. If anyone has any ideas on woven idioms/patterns for this type of application, I would be glad to hear of it.

1 0

[Twisted-Python] timeout using LivePage
by Sean Gillies 26 Aug '03

26 Aug '03

Hi, Am very new to Twisted but am quickly finding that I like it. All my questions and comments involve Twisted 1.0.6 in combo with Python 2.3 on OS X. I've run into a problem while making a rough .rpy prototype of a mapping application (ala MapQuest) using the U of Minnesota MapServer's Python interface. I will need to have server-side handlers for javascript events to allow map zooming, panning, &c and so have been experimenting with LivePage. I intend that the code should render a map image, and upon clicking the image, we zoom into the map (changing model data), and redraw the map image. Unfortunately, browsers are unable to load the mapserv.rpy/?woven_hookupOutputConduitToThisFrame=1 URL that is generated by my instance of LivePage, and so the map is never redrawn as it should. The model data does get changed successfully, and when I manually reload the page, I do see the zoomed map image as I expect. What is this 'woven_hookupOutputConduitToThisFrame' all about? Do I need to set up another method to handle this URL? I know that it's not recommended to put so much logic in the .rpy file, but as I said, a quick and dirty prototype is what I'm after. Am attaching the source of mapserv.rpy here: -------------------------------------------------------------------- import os import time from twisted.web.woven import page, widgets, controller, model from mapscript import * base_mapfile = 'navtech_std.map' # Get map object from the session data if we can class MapModel(model.MethodModel): def wmfactory_mapobj(self, request): session_obj = request.getSession() try: session_mapobj = session_obj.mapobj except AttributeError: session_mapobj = mapObj(base_mapfile) session_obj.mapobj = session_mapobj return session_mapobj # Widget for creating a temp map image and a tag linking to it class MapImage(widgets.Widget): def setUp(self, request, node, data): mapobj = data node.tagName = "img" imgobj = mapobj.draw() tmp_file = '%s_%d_%d.%s' \ % (mapobj.name, time.time(), os.getpid(), imgobj.format.extension ) imgobj.save(os.path.join('/tmp', tmp_file)) map_url = os.path.join('/tmp', tmp_file) node.setAttribute('src', map_url) node.setAttribute('height', str(mapobj.height)) node.setAttribute('width', str(mapobj.width)) node.setAttribute('border', '1') # Widget for displaying the current scale of the map class MapScale(widgets.Widget): def setUp(self, request, node, data): text = 'Scale: 1:%d' % (data.scale) newNode = request.d.createTextNode(text) node.appendChild(newNode) # Template, using the web conduit glue template = """<html> <body> <img model="mapobj" view="map_image" controller="map_ctrl"/> <p model="mapobj" view="map_scale" /> <div view="webConduitGlue" /> </body> </html> """ # Zoom into the map in the event of a javascript onclick class MyEventHandler(controller.Controller): def handle(self, request): self.view.addEventHandler("onclick", self.onClick) def onClick(self, request, widget): # Get session map object (layers and spatial extents) session_obj = request.getSession() try: session_mapobj = session_obj.mapobj except AttributeError: session_mapobj = mapObj(base_mapfile) session_obj.mapobj = session_mapob # zoom in on the map w = session_mapobj.width h = session_mapobj.height pt = pointObj() pt.x, pt.y = w/2, h/2 session_mapobj.zoomPoint(2, pt, w, h, session_mapobj.extent, None) print session_mapobj.extent.minx, session_mapobj.extent.maxx print self, "Zoomed!!!" # There is a better way to redraw the map, certainly request.redirect('http://localhost:8084/mapserv.rpy/') request.finish() # Page class class MyPage(page.LivePage): def wcfactory_map_ctrl(self, request, node, model): return MyEventHandler(model) # Resource resource = MyPage(MapModel(), template=template) resource.setSubviewFactory("map_image", MapImage) resource.setSubviewFactory("map_scale", MapScale) ----------------------------------------------------------------------- looking forward to any insights into LivePage and also looking forward to getting enough experience with Twisted that I can begin to contribute to the list discussions. cheers, Sean -- Sean Gillies sgillies at frii dot com http://www.frii.com/~sgillies

2 4

[Twisted-Python] Another silly XML-RPC question
by Steve Freitas 26 Aug '03

26 Aug '03

Hi all, This is maybe just a Python library question, but I'm not sure. I'd like to set up an XML-RPC server function to accept a dictionary/struct. So I thought I'd do this... def xmlrpc_foo(self, **mydict): But when I send it a struct, it throws an error of '0 args expected, 1 given,' much like... >>> def blah(**myDict): >>> return myDict['x'] >>> >>> print blah({'x':42, 'y':3}) ...does. So under regular Python, the way to make this work fine is: >>> def blah(myDict): >>> return myDict['x'] >>> >>> print blah({'x':42, 'y':3}) But when I try this under twisted... def xmlrpc_foo(self, myDict): return myDict['x'] I get a key error, saying strings are not callable. So how do I get a twisted xmlrpc function to accept a struct? I assume I have to take it into a string and somehow serialize it into a dictionary using XML-RPC magic I haven't learned about, as in... def xmlrpc_foo(self, myDict): ...magically transform myDict (a string) into myNewDict (a dict!)... return myNewDict['x'] Any help is appreciated! Thanks! Steve

3 5