[Tutor] Fwd: do you know how to do this

ALAN GAULD alan.gauld at btinternet.com
Thu Oct 12 14:36:14 CEST 2006 

Forwarding to the group...

--- anil maran <anilmrn at yahoo.com> wrote:

> Date: Thu, 12 Oct 2006 01:46:44 -0700 (PDT)
> From: anil maran <anilmrn at yahoo.com>
> Subject: do you know how to do this
> To: Alan Gauld <alan.gauld at btinternet.com>
> 
> The user, password and group are stored in a session on disk
> using 
> flup.middleware.session. You can change this to fit your needs
> like in 
> a database. I think someone have already extended the flup
> session with 
> a database store? 
> 
> Use the decorator function on your GET and POST method to set 
> authentication and provide which group are allowed. 
> 
> If auth is set to True and user/password/access did not match,
> a 
> redirect is made to /login. 
> 
> 
>  
> Anil
> 
> 
> 
> ----- Original Message ----
> From: Alan Gauld <alan.gauld at btinternet.com>
> To: tutor at python.org
> Sent: Thursday, October 12, 2006 12:31:04 AM
> Subject: Re: [Tutor] SQL Queries For MySQL
> 
> 
> > query = "SELECT * FROM DB WHERE NAME = %s" % (name)
> > cursor.execute(query)
> 
> There can be security issues with this style, especially 
> if the parameters can be modified by users - for example 
> you read the values from a web page.
> 
> The cursor.execute() call has the ability to pass the
> parameters 
> in directly, ie combining the two statements above into one. 
> The details of how ypou do that varies between database 
> drivers so you need to check the documents but I think for 
> MySQL its almost an exact translation:
> 
> query = "SELECT * FROM DB WHERE NAME = %s"
> cursor.execute(query, name)
> 
> If you search the ist archives you'll find a fairly long
> thread 
> describing the whys/wherefores in much more depth.
> 
> HTH,
> 
> -- 
> Alan Gauld
> Author of the Learn to Program web site
> http://www.freenetpages.co.uk/hp/alan.gauld
> 
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> http://mail.python.org/mailman/listinfo/tutor
> 
> 


Send instant messages to your online friends http://uk.messenger.yahoo.com

More information about the Tutor mailing list