hi there, folks:
I'd really like to release 0.7.0 but I would like it to be at least a
little bit tested before I do so. Could those of you with CVS trees check
everything out and see if it performs as advertised? Deeper bugs than
that will have to wait for the next release, but I'd at least like to know
if it works for someone other than me.
______ __ __ _____ _ _
| ____ | \_/ |_____] |_____|
|_____| |_____ | | | |
@ t w i s t e d m a t r i x . c o m
On Thursday, August 28, 2003, at 10:32 AM, itamarst CVS wrote:
> log stderr and non-zero exit code in CGIs, don't show info to users as
> it is a security risk (closes issue #241)
We shouldn't swallow errors in these situations. If it's a security
risk, provide a way for the server administrator to turn it off, but
this is a _bad_ default.
If you doubt the wisdom of making this default, please consult any
number of Perl FAQs of the form:
Q. "I wrote a CGI and it works perfectly, but now I moved it to
another server and I get nothing but a "500 Internal Server Error"
page. How do I tell what went wrong!?!?!?"
A. Look in your apache logs.
Q. "I looked at my apache logs and nothing makes sense! How do I tell
what the error was??!"
Also, could you clarify the security risk of displaying stderr from CGI
scripts? I've never heard of a CGI that puts security-critical
information on stderr rather than stdout and makes it a risk to display
Hello! Suppose I run task in worker thread (e.g. database transaction)
and I need to do some IO (PB call) and get the result from it during
transaction. Since I run not in reactor's thread it's ok to block and
wait for the result. I know that there is callFromThread but it never
return any result. Is it possible to implement something like
callFromThread that can block, wait for result and return it?
Thanks in advance,
Can anybody provide a working, simple example of a SSL-capable web-server
using Twisted ?
Any hints or clues regarding installation of openssl or other required
library is also interesting.
Thanks in advance,
<p><font size="2" face="Arial, Helvetica, sans-serif">Over 20 Million American Families are Without Health Insurance,<br>
Are You and Your Family One of Them</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">We Offer the Newest, Most
Service on the Internet, So Don’t Wait Any Longer</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><br>
<a href="http://www152.bestspotsontheinternet.com/hinsurance/ad/text1_click">Get Your Insurance Quote Today</a>!<br>
If you do not wish to receive these offers in the future,<br>
<a href="http://www152.bestspotsontheinternet.com/hinsurance/ad/text1_remove">Click Here</a> to remove yourself now<br>
</html>tevdj vxrh y
c qka i
Mentioning IRC frustrations in my message to paul reminded me of something.
There is one stylistic hint in particular I'd like to point out, because
it causes the most misunderstanding, and it seems as though it may be
particular to our peculiar IRC subculture. If you're in #twisted and
somebody says something like this:
<usr> Hi there! I am a user with a proble integrating widgets and
frobules, and there seems to be a problem with version 2.5-X of Twisted.
<dev> i guess you are just an idiot then! haha idiot
Though I seriously doubt such a straightforwardly hostile exchange would
occur, watch the punctuation in the #twisted regular's phrase. If it
follows the pattern
<dev> sentence with no punctuation! additional sentence
it is most likely intended as sarcasm, whereas if it is phrased with
mroe conventional grammar and punctuation,
<dev> I guess you're just an idiot, then. Heh. Idiot.
Then you should really be offended :-). Other cues of sarcasm include
use of the word "r" (for "are"), "si" (for "is"), and "teh" (for "the")
We rarely make those typos unintentionally.
Hi. I hate duplicated effort (that has not real reason to be
duplicated), and noticed this:
secsh is a module for python 2.3 that implements the SSH2 protocol for
secure (encrypted and authenticated) connections to remote machines.
unlike SSL (aka TLS), SSH2 protocol does not require heirarchical
certificates signed by a powerful central authority. you may know SSH2
as the protocol that replaced telnet and rsh for secure access to remote
shells, but the protocol also includes the ability to open arbitrary
channels to remote services across the encrypted tunnel (this is how
sftp works, for example).
the module works by taking a socket-like object that you pass in,
negotiating with the remote server, authenticating (using a password or
a given private key), and opening flow-controled "channels" to the
server, which are returned as socket-like objects. you are responsible
for verifying that the server's host key is the one you expected to see,
and you have control over which kinds of encryption or hashing you
prefer (if you care), but all of the heavy lifting is done by the secsh
it is written entirely in python (no C or platform-dependent code) and
is released under the GNU LGPL (lesser GPL).
Could the conch guy please email the author of secsh and see whether
they could unite their efforts? Please? Thank you.
I am having trouble using ClientFactory to communicate from within a server.
Specifically, I can't figure out the proper way to exit from the client
Included is some example code illustrating the problem I am having. It is the
simple echo server example, but when someone sends some text to the server, I
am trying to talk to an SMTP server to send an email. This is just an example
(there are probably better ways to fire off an email), but you get the idea.
The client code never "exits" and if I try to use reactor.stop() it causes a
So how do I properly exit from this client code, or (being new to twisted) am
I going about this in the entirely wrong way? Thanks.
from twisted.internet import reactor
from twisted.internet.protocol import Protocol, ClientFactory, ServerFactory
"""This is just about the simplest possible protocol"""
def dataReceived(self, data):
"As soon as any data is received, write it back."
factory2 = MySMTPClientFactory()
host = 'localhost'
port = 25
reactor.connectTCP(host, port, factory2)
print "Returned from sending email"
# ^ Never gets to this point
def dataReceived(self, data):
sys.stdout.write('Server said: ' + data)
if data[:3] == "220":
self.stage = 1
if data[:3] == "250":
if self.stage == 1:
self.stage = 2
elif self.stage == 2:
self.stage = 3
elif self.stage == 3:
self.stage = 4
elif self.stage == 4:
# ^ This causes a traceback
if data[:3] == "354":
# Ready to send actual email
self.transport.write("This is a test email\n.\n")
def startedConnection(self, connector):
print 'Started to connect.'
def buildProtocol(self, addr):
def clientConnectionLost(self, connector, reason):
print 'Lost connection. Reason:', reason
# ^ Causes a traceback here too
def clientConnectionFailed(self, connector, reason):
print 'Connection failed. Reason:', reason
"""This runs the protocol on port 8000"""
factory = ServerFactory()
factory.protocol = Echo
# this only runs if the module was *not* imported
if __name__ == '__main__':
lately i did some dirty Deferred tricks and i just want to know if there
is a better way to do what i did. the situation is as follows:
a server exposes through pb a "session" object. the client can call on
that object "execute" (any number of times) and then "abort" or "end" to
end the session. the session is created by calling "new_session" on the
remote perspective (after authentication, etc.)
now, for a simple get session/execute/end sequence i don't want to write
n+1 callbacks (one that waits for new_session and call execute, next one
that wait on execute and call next, etc.) so here is what I did (inside
a mixin class used in the client):
def execute(self, trans, *args, **kwargs)
cb = kwargs.get('callback', None)
dfr = self.server.callRemote(trans, *args)
dfr = self.session()
cb = Deferred()
dfr.addCallback(self._execute_got_session, trans, cb, *args)
def _execute_got_session(self, session, trans, cb, *args):
self._session = session
return self.execute(trans, *args, callback=cb)
that is, from the client the user can just do:
d = self.execute("set-foo", 42)
and in the callback call .execute again (and be sure to be in the same
session) or call end or abort to terminate the session.
what i want to know is if the "cb" trick and chainDeferred call are a
dirty hack or if that's the way they are supposed to be used and if
there is a better way to do what i do.
Federico Di Gregorio
Debian GNU/Linux Developer fog(a)debian.org
INIT.D Developer fog(a)initd.org
Lasciate che i furetti vengano a me. -- Maria Luisa Benedetta Panzani
> With isLeaf=False, the root resource will _never_ have its
> render() method called. That is because the request for
> the root resource is always '/', not ''.
> (i.e., "GET / HTTP/1.1", not "GET HTTP/1.1")
> '/'.split('/') == [''], which means that getChild('', request) will
> be called. Therefore, your root resource must respond to
> getChild('', request).
This is so tricky. Your suggestion does not work because I want to pass a
parameter for the dynamic page which I read out with request.postpath.
You know what would solve my problem really quickly: If I would know how to
call a child manually (or not even a child but the static.File('.')
resource). I have come up with the following code but it does throw me a " does not
return a string" error:
isLeaf = True
def render(self, request):
if request.postpath == 'static':
return self.getChild('static', request)
root = Container()
site = server.Site(root)
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService
Jetzt kostenlos anmelden unter http://www.gmx.net
+++ GMX - die erste Adresse für Mail, Message, More! +++