[web2py:25369] Re: Using auth function (Approval)
I've tried to create my own auth table, but keep running into issues.
Here's the current version:
db.define_table(
"siteuser",
db.Field('user_id'),
db.Field('user_id__tmp'),
db.Field('firstname', length=128, default=''),
db.Field('lastname', length=128, default=''),
db.Field('email', length=128, default='', requires = [IS_EMAIL(),
IS_NOT_IN_DB(db,'%s.email'%'siteuser')]),
db.Field('password', 'password', readable=False, label='Password',
requires=CRYPT()),
db.Field('registration_key', length=128, writable=False,
readable=False,default=''),
db.Field('last_logged_in', type='datetime', default='now'),
db.Field('last_logged_in_from', length=36, default=''),
db.Field('created_on', type='datetime', default='now'),
db.Field('active', type='boolean', default=True)
)
auth=Auth(globals(),db)# authentication/authorization
# define custom tables (table_user_name is 'auth_user')
auth.settings.table_user_name = 'siteuser'
auth.define_tables() # creates all needed tables
Now I've received a plethora of different errors, but the current one
is:
ProgrammingError: relation "siteuser" does not exist
That makes no sense to me, as it's defined above. I've also tried
using auth.settings.table_user = db.define and then I get errors
about user_id__tmp missing or something.
Can anybody provide a complete example of how they extended the auth
user table? I'm using v1.64.4
Thanks!
-rob
On Jun 30, 10:01 am, mdipierro wrote:
> Mind to this
>
> auth.settings.table_user_name = 'member'
>
> beforeauth.define_tables()
>
> On Jun 30, 2:09 am, Fran wrote:
>
> > On Jun 30, 2:07 am, Mico Siahaan wrote:
>
> > > 1. Can we rename the auth_user table to other for example to member
> > > table?
>
> > Yes:
> >auth.settings.table_user_name = 'member'
>
> > > 2. Can rename field id to other for example to memberId?
>
> > No
> > All Web2Py tables need a field called 'id'
>
> > F
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~--~~~~--~~--~--~---
[web2py:25396] Re: Using auth function (Approval)
Thanks for the quick reply! I added the line
"auth.settings.table_user=db.siteuser" and I'm still getting the same
error. Here's the traceback:
Traceback (most recent call last):
File "/home/rob/Desktop/web2py/gluon/restricted.py", line 107, in
restricted
exec ccode in environment
File "/home/rob/Desktop/web2py/applications/test/models/db.py", line
87, in
auth.define_tables() # creates all needed tables
File "/home/rob/Desktop/web2py/gluon/tools.py", line 528, in
define_tables
migrate=self.__get_migrate(self.settings.table_membership_name,
migrate))
File "/home/rob/Desktop/web2py/gluon/sql.py", line 989, in
define_table
query = t._create(migrate=migrate)
File "/home/rob/Desktop/web2py/gluon/sql.py", line 1341, in _create
sql_fields_aux, logfile)
File "/home/rob/Desktop/web2py/gluon/sql.py", line 1389, in _migrate
self._db._execute(sub_query)
File "/home/rob/Desktop/web2py/gluon/sql.py", line 761, in
self._execute = lambda *a, **b: self._cursor.execute(*a, **b)
ProgrammingError: relation "siteuser" does not exist
Line #87 in db.py is: auth.define_tables()
-rob
On Jun 30, 5:53 pm, mdipierro wrote:
> Try this:
>
> db.define_table(
> "siteuser",
> db.Field('user_id'),
> db.Field('user_id__tmp'),
> db.Field('firstname', length=128, default=''),
> db.Field('lastname', length=128, default=''),
> db.Field('email', length=128, default='', requires = [IS_EMAIL(),
> IS_NOT_IN_DB(db,'siteuser.email')]),
> db.Field('password', 'password', readable=False, label='Password',
> requires=CRYPT()),
> db.Field('registration_key', length=128, writable=False,
> readable=False,default=''),
> db.Field('last_logged_in', type='datetime', default='now'),
> db.Field('last_logged_in_from', length=36, default=''),
> db.Field('created_on', type='datetime', default='now'),
> db.Field('active', type='boolean', default=True)
> )
>
> auth=Auth(globals(),db) # authentication/authorization
> auth.settings.table_user_name = 'siteuser'
> auth.settings.table_user=db.siteuser ### this was missing
> auth.define_tables() # creates all needed tables
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~--~~~~--~~--~--~---
[web2py:25425] Re: Using auth function (Approval)
Emailed. Thanks for looking at it for me!
-rob
On Jul 1, 9:45 am, mdipierro wrote:
> can you please email me your db.py?
>
> On Jul 1, 5:12 am, Rob Scheibel wrote:
>
> > Thanks for the quick reply! I added the line
> > "auth.settings.table_user=db.siteuser" and I'm still getting the same
> > error. Here's the traceback:
>
> > Traceback (most recent call last):
> > File "/home/rob/Desktop/web2py/gluon/restricted.py", line 107, in
> > restricted
> > exec ccode in environment
> > File "/home/rob/Desktop/web2py/applications/test/models/db.py", line
> > 87, in
> > auth.define_tables() # creates all needed tables
> > File "/home/rob/Desktop/web2py/gluon/tools.py", line 528, in
> > define_tables
> > migrate=self.__get_migrate(self.settings.table_membership_name,
> > migrate))
> > File "/home/rob/Desktop/web2py/gluon/sql.py", line 989, in
> > define_table
> > query = t._create(migrate=migrate)
> > File "/home/rob/Desktop/web2py/gluon/sql.py", line 1341, in _create
> > sql_fields_aux, logfile)
> > File "/home/rob/Desktop/web2py/gluon/sql.py", line 1389, in _migrate
> > self._db._execute(sub_query)
> > File "/home/rob/Desktop/web2py/gluon/sql.py", line 761, in
> > self._execute = lambda *a, **b: self._cursor.execute(*a, **b)
> > ProgrammingError: relation "siteuser" does not exist
>
> > Line #87 in db.py is: auth.define_tables()
>
> > -rob
>
> > On Jun 30, 5:53 pm, mdipierro wrote:
>
> > > Try this:
>
> > > db.define_table(
> > > "siteuser",
> > > db.Field('user_id'),
> > > db.Field('user_id__tmp'),
> > > db.Field('firstname', length=128, default=''),
> > > db.Field('lastname', length=128, default=''),
> > > db.Field('email', length=128, default='', requires = [IS_EMAIL(),
> > > IS_NOT_IN_DB(db,'siteuser.email')]),
> > > db.Field('password', 'password', readable=False, label='Password',
> > > requires=CRYPT()),
> > > db.Field('registration_key', length=128, writable=False,
> > > readable=False,default=''),
> > > db.Field('last_logged_in', type='datetime', default='now'),
> > > db.Field('last_logged_in_from', length=36, default=''),
> > > db.Field('created_on', type='datetime', default='now'),
> > > db.Field('active', type='boolean', default=True)
> > > )
>
> > > auth=Auth(globals(),db) # authentication/authorization
> > > auth.settings.table_user_name = 'siteuser'
> > > auth.settings.table_user=db.siteuser ### this was missing
> > > auth.define_tables() # creates all needed tables
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~--~~~~--~~--~--~---
[web2py:26037] Re: Using auth function (Approval)
Odd. Here it is since it doesn't seem to want to email:
# coding: utf8
#
## This scaffolding model makes your app work on Google App Engine too
#
if request.env.web2py_runtime_gae: # if running on Google App Engine
from gluon.contrib.gql import *
### connect to Google BigTable
db = GQLDB()
## and store sessions and tickets there
session.connect(request, response, db=db)
### or use the following lines to store sessions in Memcache
# from gluon.contrib.memdb import MEMDB
# from google.appengine.api.memcache import Client
# session.connect(request, response, db=MEMDB(Client()))
else: # else use a normal relational database
# if not, use SQLite or other DB
db = SQLDB('postgres://webuser:w3bv...@localhost:5432/test')
#
## uncomment the following line if you do not want sessions
#session.forget()
#
#
## Define your tables below, for example
##
## >>> db.define_table('mytable',SQLField('myfield','string'))
##
## Fields can be
'string','text','password','integer','double','boolean'
## 'date','time','datetime','blob','upload', 'reference
TABLENAME'
## There is an implicit 'id integer autoincrement' field
## Consult manual for more options, validators, etc.
##
## More API examples for controllers:
##
## >>> db.mytable.insert(myfield='value')
## >>> rows=db(db.mytbale.myfield=='value).select(db.mytable.ALL)
## >>> for row in rows: print row.id, row.myfield
#
db.define_table('siteuser',
db.Field('user_id'),
db.Field('user_id__tmp'),
db.Field('firstname', length=128, default=''),
db.Field('lastname', length=128, default=''),
db.Field('email', length=128, default='', requires = [IS_EMAIL(),
IS_NOT_IN_DB(db,'%s.email'%'siteuser')]),
db.Field('password', 'password', readable=False, label='Password',
requires=CRYPT()),
db.Field('registration_key', length=128, writable=False,
readable=False,default=''),
db.Field('last_logged_in', type='datetime', default='now'),
db.Field('last_logged_in_from', length=36, default=''),
db.Field('created_on', type='datetime', default='now'),
db.Field('active', type='boolean', default=True)
)
db.define_table('game',
SQLField('name','string')
)
db.define_table('player',
SQLField('name','string'),
SQLField('game',db.game),
#SQLField('siteuser',db.siteuser),
SQLField('handgold','string',175)
)
#
## Here is sample code if you need:
## - email capabilities
## - authentication (registration, login, logout, ... )
## - authorization (role based authorization)
## - services (xml, csv, json, xmlrpc, jsonrpc, amf, rss)
## - crud actions
## comment/uncomment as needed
#
from gluon.tools import *
auth=Auth(globals(),db)# authentication/authorization
# define custom tables (table_user_name is 'auth_user')
#auth.settings.table_user_name = 'siteuser'
auth.settings.table_user = db.siteuser
auth.define_tables() # creates all needed tables
crud=Crud(globals(),db)# for CRUD helpers using auth
service=Service(globals()) # for json, xml, jsonrpc, xmlrpc,
amfrpc
## uncomment as necessary or consult docs for more options
#crud.settings.auth=auth # (optional) enforces authorization
on crud
#mail=Mail() # mailer
#mail.settings.server='smtp.gmail.com:587'# your SMTP server
#mail.settings.sender='y...@gmail.com' # your email
#mail.settings.login='username:password' # your credentials
#auth.settings.mailer=mail # for user email verification
#auth.settings.registration_requires_verification = True
#auth.settings.registration_requires_approval = True
#auth.messages.verify_email = \
# 'Click on the link http://.../verify_email/%(key)s to verify your
email'
On Jul 1, 12:05 pm, mdipierro wrote:
> did not get it: mdipie...@cs.depaul.edu
>
> On Jul 1, 10:47 am,RobScheibel wrote:
>
> > Emailed. Thanks for looking at it for me!
>
> > -rob
>
> > On Jul 1, 9:45 am, mdipierro wrote:
>
> > > can you please email me your db.py?
>
> > > On Jul 1, 5:12 am,RobScheibel wrote:
>
> > > > Thanks for the quick reply! I added the line
> > > > "auth.settings.table_user=db.siteuser" and I'm still getting the same
> > > > error. Here's the traceback:
>
> > > > Traceback (most recent call last):
> > > > File "/home/rob/Desktop/web2py/gluon/restricted.py", line 107, in
> > > > restricted
> > > > exec ccode in environment
>
[web2py:26038] Re: Using auth function (Approval)
I think it has something to do with the "length=" declaration. If I
remove it, it seems to get closer to working...if I leave it in (for
'string' types), it says that the relation does not exist and names
the table name and the line number for the line of code that has the
length= . Perhaps this is a bug of some sorts?
-rob
On Jul 9, 12:19 pm, Rob Scheibel wrote:
> Odd. Here it is since it doesn't seem to want to email:
>
> # coding: utf8
>
> #
> ## This scaffolding model makes your app work on Google App Engine too
> #
>
> if request.env.web2py_runtime_gae: # if running on Google App Engine
> from gluon.contrib.gql import *
> ### connect to Google BigTable
> db = GQLDB()
> ## and store sessions and tickets there
> session.connect(request, response, db=db)
> ### or use the following lines to store sessions in Memcache
> # from gluon.contrib.memdb import MEMDB
> # from google.appengine.api.memcache import Client
> # session.connect(request, response, db=MEMDB(Client()))
> else: # else use a normal relational database
> # if not, use SQLite or other DB
> db = SQLDB('postgres://webuser:w3bv...@localhost:5432/test')
>
> #
> ## uncomment the following line if you do not want sessions
> #session.forget()
> #
>
> #
> ## Define your tables below, for example
> ##
> ## >>> db.define_table('mytable',SQLField('myfield','string'))
> ##
> ## Fields can be
> 'string','text','password','integer','double','boolean'
> ## 'date','time','datetime','blob','upload', 'reference
> TABLENAME'
> ## There is an implicit 'id integer autoincrement' field
> ## Consult manual for more options, validators, etc.
> ##
> ## More API examples for controllers:
> ##
> ## >>> db.mytable.insert(myfield='value')
> ## >>> rows=db(db.mytbale.myfield=='value).select(db.mytable.ALL)
> ## >>> for row in rows: print row.id, row.myfield
> #
>
> db.define_table('siteuser',
> db.Field('user_id'),
> db.Field('user_id__tmp'),
> db.Field('firstname', length=128, default=''),
> db.Field('lastname', length=128, default=''),
> db.Field('email', length=128, default='', requires = [IS_EMAIL(),
> IS_NOT_IN_DB(db,'%s.email'%'siteuser')]),
> db.Field('password', 'password', readable=False, label='Password',
> requires=CRYPT()),
> db.Field('registration_key', length=128, writable=False,
> readable=False,default=''),
> db.Field('last_logged_in', type='datetime', default='now'),
> db.Field('last_logged_in_from', length=36, default=''),
> db.Field('created_on', type='datetime', default='now'),
> db.Field('active', type='boolean', default=True)
> )
>
> db.define_table('game',
> SQLField('name','string')
> )
>
> db.define_table('player',
> SQLField('name','string'),
> SQLField('game',db.game),
> #SQLField('siteuser',db.siteuser),
> SQLField('handgold','string',175)
> )
>
> #
> ## Here is sample code if you need:
> ## - email capabilities
> ## - authentication (registration, login, logout, ... )
> ## - authorization (role based authorization)
> ## - services (xml, csv, json, xmlrpc, jsonrpc, amf, rss)
> ## - crud actions
> ## comment/uncomment as needed
> #
>
> from gluon.tools import *
> auth=Auth(globals(),db) # authentication/authorization
>
> # define custom tables (table_user_name is 'auth_user')
> #auth.settings.table_user_name = 'siteuser'
> auth.settings.table_user = db.siteuser
> auth.define_tables() # creates all needed tables
> crud=Crud(globals(),db)
[web2py:26040] Re: Using auth function (Approval)
Nevermind. I upgraded to the latest version 1.65.1 and it seems to be
working. The only issue is I get the following when I click the
register link:
AttributeError: 'str' object has no attribute 'strftime'
I'm guessing my auth db table isn't quite right. Here's what I have:
db.define_table('siteuser',
db.Field('user_id'),
db.Field('user_id__tmp'),
db.Field('firstname', length=128, default=''),
db.Field('lastname', length=128, default=''),
db.Field('email', length=128, default='', requires = [IS_EMAIL(),
IS_NOT_IN_DB(db,'%s.email'%'siteuser')]),
db.Field('password', 'password', readable=False, label='Password',
requires=CRYPT()),
db.Field('registration_key', length=128, writable=False,
readable=False,default=''),
db.Field('last_logged_in', type='datetime', default='now'),
db.Field('last_logged_in_from', length=36, default=''),
db.Field('created_on', type='datetime', default='now'),
db.Field('active', type='boolean', default=True)
)
So, is there a structure for the minimal auth table needed?
Sorry to be such a noob...
-rob
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~--~~~~--~~--~--~---
[web2py:26050] Re: Using auth function (Approval)
Perfect - Thanks a ton!
-rob
On Jul 9, 1:23 pm, mdipierro wrote:
> db.Field('last_logged_in', type='datetime', default='now'),
>
> should be
>
> db.Field('last_logged_in', type='datetime', default=request.now),
>
> the default of a datatime cannot be a string.
>
> On Jul 9, 12:11 pm, Rob Scheibel wrote:
>
> > Nevermind. I upgraded to the latest version 1.65.1 and it seems to be
> > working. The only issue is I get the following when I click the
> > register link:
>
> > AttributeError: 'str' object has no attribute 'strftime'
>
> > I'm guessing my auth db table isn't quite right. Here's what I have:
>
> > db.define_table('siteuser',
> > db.Field('user_id'),
> > db.Field('user_id__tmp'),
> > db.Field('firstname', length=128, default=''),
> > db.Field('lastname', length=128, default=''),
> > db.Field('email', length=128, default='', requires = [IS_EMAIL(),
> > IS_NOT_IN_DB(db,'%s.email'%'siteuser')]),
> > db.Field('password', 'password', readable=False, label='Password',
> > requires=CRYPT()),
> > db.Field('registration_key', length=128, writable=False,
> > readable=False,default=''),
> > db.Field('last_logged_in', type='datetime', default='now'),
> > db.Field('last_logged_in_from', length=36, default=''),
> > db.Field('created_on', type='datetime', default='now'),
> > db.Field('active', type='boolean', default=True)
> > )
>
> > So, is there a structure for the minimal auth table needed?
>
> > Sorry to be such a noob...
>
> > -rob
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~--~~~~--~~--~--~---
[web2py:27938] Re: Default CRYPT() is unsecure
Very good points in this discussion. I would like to see the addition of a processing delay added for numerous failed login attempts. This is what the larger sites are doing now - it slows down the dictionary attacks by adding 1/2 a second to each successive bad login attempt until you hit some max (i.e. 20 seconds) and then it resets (note that it should be based on Host IP but also user account in case attacks are coming from multiple IPs). Using this method it will take a LONG time to crack a relatively strong pass and most people give up and go elsewhere. It's also nice because it isn't too much of a nuicance to a user (they might be annoyed by a 20 second login delay, but they can still get in vs being locked out). It's also pretty easy to implement. You add a table to track the "bad IPs" and count/clear them based on timestamps. Then you add a field to the users table to track successive failed login attempts on that account and clear it on each login. You could also always do like LiNode is doing and lock an account by resetting the pass to a random value after x bad logins and emailing the new pass to the user. just flat-out locking out users for a period of time can be used to a person's advantage. Say you knew "bob" had an account on a system, but you didn't want him to be able to access it. Then you'd just try a bunch of bad passwords using his login and he'd be locked out... Just my $0.02. Thanks for the all the great work on web2py - it's been a treat to work with! -rob On Aug 2, 6:57 pm, Jonathan Lundell wrote: > On Aug 2, 2009, at 3:10 PM, Jonathan Lundell wrote: > > > > > On Aug 1, 2009, at 9:48 AM, mdipierro wrote: > > >> Mind that none of this has anything to do with the ability of an > >> attacker to guess the passwords to access a web2py site. This is > >> about > >> protecting the users form the administrators who may decrypt their > >> hashed passords and access the users's account using their decrypted > >> passwords (of an attacker who is already in the system and can act as > >> the web2py administrator). But mind that the administrator does not > >> even need to decrypt passwords to access them. He just log > >> request.vars.password from the model file to get the login passwords > >> before they are encrypted. This is true in web2py and in any other > >> web > >> based system. > > >> I am much more concerned about a different issue: when an attacker > >> wants to enter a site and repeatedly guesses the password. > >> Perhaps there should be an option in auth that locks accounts after > >> many failed logins. We could have another system table to handle > >> that. > > > How about a default STRONG as well as HMAC? If a developer wants to > > allow weaker passwords, let the burden be in that direction. > > > An account-locking policy is a good idea. If the table has a > > timestamp, the lock can be temporary, at least initially. Lock the > > account for a n seconds after n failures. Or something like that. > > One reason for a delay that simply imposes rate-limiting is that > permanent (or semi-permanent) locking makes for an easy DOS attack. > > As for a system table, wouldn't auth_user be the logical place to put > the necessary fields? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~--~~~~--~~--~--~---
[web2py:27949] Re: Default CRYPT() is unsecure
>From what I've noticed (in regards to numerous different web services) it seems that the request IP can pretty much be spoofed if someone really wants to - so I would use it with the assumption it may be wrong (i.e. don't lock out the IP, but use it to slow down login processing). I'd also vote to not use something that only works with Apache as I think a lot of people use GAE and also Lighttpd. I don't know the full internal workings of the request variables, but I'm betting request.env.remote_addr is going to be your best bet for compatibility with all systems... Couple that with the tracking per user and it should be a pretty good deterrant against dictionary attacks I would suspect...but I'm by no means an expert...just been reading a ton about this lately and have implemented it into other php/asp/etc web services. -rob On Aug 4, 9:01 am, mdipierro wrote: > One issue is how to implement this if we use the > request.env.remote_addr then it does not work behind a proxy, if we > use request.env.http_x_if_forwarded_for, it works only on apache and > it can spoofed anyway. > > Ideas? > > Massimo > > On Aug 4, 7:50 am, Pynthon wrote: > > > Ah, nevermind then... > > > On 4 aug, 14:47, mdipierro wrote: > > > > This can be added easily and it does not affect backward > > > compatibility. > > > > Massimo > > > > On Aug 4, 7:37 am, Rob Scheibel wrote: > > > > > Very good points in this discussion. I would like to see the addition > > > > of a processing delay added for numerous failed login attempts. This > > > > is what the larger sites are doing now - it slows down the dictionary > > > > attacks by adding 1/2 a second to each successive bad login attempt > > > > until you hit some max (i.e. 20 seconds) and then it resets (note that > > > > it should be based on Host IP but also user account in case attacks > > > > are coming from multiple IPs). Using this method it will take a LONG > > > > time to crack a relatively strong pass and most people give up and go > > > > elsewhere. It's also nice because it isn't too much of a nuicance to a > > > > user (they might be annoyed by a 20 second login delay, but they can > > > > still get in vs being locked out). > > > > > It's also pretty easy to implement. You add a table to track the "bad > > > > IPs" and count/clear them based on timestamps. Then you add a field to > > > > the users table to track successive failed login attempts on that > > > > account and clear it on each login. > > > > > You could also always do like LiNode is doing and lock an account by > > > > resetting the pass to a random value after x bad logins and emailing > > > > the new pass to the user. > > > > > just flat-out locking out users for a period of time can be used to a > > > > person's advantage. Say you knew "bob" had an account on a system, but > > > > you didn't want him to be able to access it. Then you'd just try a > > > > bunch of bad passwords using his login and he'd be locked out... > > > > > Just my $0.02. > > > > > Thanks for the all the great work on web2py - it's been a treat to > > > > work with! > > > > > -rob > > > > > On Aug 2, 6:57 pm, Jonathan Lundell wrote: > > > > > > On Aug 2, 2009, at 3:10 PM, Jonathan Lundell wrote: > > > > > > > On Aug 1, 2009, at 9:48 AM, mdipierro wrote: > > > > > > >> Mind that none of this has anything to do with the ability of an > > > > > >> attacker to guess the passwords to access a web2py site. This is > > > > > >> about > > > > > >> protecting the users form the administrators who may decrypt their > > > > > >> hashed passords and access the users's account using their > > > > > >> decrypted > > > > > >> passwords (of an attacker who is already in the system and can act > > > > > >> as > > > > > >> the web2py administrator). But mind that the administrator does > > > > > >> not > > > > > >> even need to decrypt passwords to access them. He just log > > > > > >> request.vars.password from the model file to get the login > > > > > >> passwords > > > > > >> before they are encrypted. This is true in web2py and in any other > > > > > >> &
[web2py:31624] Ajax call to Controller - can it return data as it receives it?
Seeing if anyone has any ideas on a better way to do this... I've got a view that has a button. When the user presses the button, an ajax call is made to one of my functions in a controller. This function runs several large database queries. Currently, it returns the results (simple small amount of html text) stating whether each one was successful or not - but it doesn't return the results until all are complete. As you can guess, the user is sitting there for awhile waiting for some sort of response. Is there anyway to make a call from the function in the controller to return the response of each query after it happens rather than waiting until they all run? No view is necessary to render here, again it's just a small line of html text (i.e. in Red saying failed or green saying passed). The AJAX call just appends the output to a div. I've thought about having a function for each DB query and then calling the next function after the first one runs in the controller, but I only get 'None' as a response so something isn't quite right in that regards... Thanks in advance! -rob --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~--~~~~--~~--~--~---
[web2py:31628] Re: Ajax call to Controller - can it return data as it receives it?
Thanks for the suggestions Thadeus. I did think about using callbacks to issue further requests, but I'm trying to keep the overhead down by not establishing additional requests to the server. I mean the connection is already open and waiting, so I guess I'm looking for a way to send partial content to the browser from the controller ideally. If not possible, I can fallback and use AJAX callbacks. Any ideas on how to send partial content from a controller function? Thanks! -rob On Sep 24, 1:37 pm, Thadeus Burgess wrote: > Perhaps you should run only one query at a time, and in your handler > function specify a response.vars that tells it what query to run. > > In your ajax, have it callback using the first query, and in the success > function, display the html, and then issue another callback for the next > query. > > This way as soon one of the queries are finished the user is notified. > > Also, have a look at Nathan Freeze's clienttools.py, or my py2jquery.py that > is based off Nathan's clienttools. > > Nathan's is better documented, mine is still under heavy development, but it > is stable and works perfectly (its just not commented) > > clienttools -http://www.web2pyslices.com/main/slices/take_slice/8 > > py2jquery -http://pastebin.com/m6dd0b53 > > -Thadeus > > On Thu, Sep 24, 2009 at 12:29 PM, Rob Scheibel wrote: > > > > > Seeing if anyone has any ideas on a better way to do this... > > > I've got a view that has a button. When the user presses the button, > > an ajax call is made to one of my functions in a controller. This > > function runs several large database queries. Currently, it returns > > the results (simple small amount of html text) stating whether each > > one was successful or not - but it doesn't return the results until > > all are complete. > > > As you can guess, the user is sitting there for awhile waiting for > > some sort of response. > > > Is there anyway to make a call from the function in the controller to > > return the response of each query after it happens rather than waiting > > until they all run? No view is necessary to render here, again it's > > just a small line of html text (i.e. in Red saying failed or green > > saying passed). The AJAX call just appends the output to a div. > > > I've thought about having a function for each DB query and then > > calling the next function after the first one runs in the controller, > > but I only get 'None' as a response so something isn't quite right in > > that regards... > > > Thanks in advance! > > > -rob --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~--~~~~--~~--~--~---
