[web2py:10306] Re: Database sharing

Massimo, It makes sense to me now, thanks. Tommy On Wed, Oct 15, 2008 at 10:20 AM, mdipierro <[EMAIL PROTECTED]> wrote: > > In every case you need to choose a master application. > If you use SQLite, the master app will do > > db=SQLDB('sqlite://stoarge.db') > db.define_table(.) > > the other

[web2py:10305] Re: Database sharing

Thanks Tim, the information you provided is pretty cool. I will definitely read it and pratise it. On Wed, Oct 15, 2008 at 9:47 AM, Timothy Farrell <[EMAIL PROTECTED]> wrote: > Tommy, > > It depends on the database you are using. All databases (that I know > of) take multiple access into account

[web2py:10304] Re: database connection password

This is not a web2py issue. There are two weak points. 1) The connection between the web server(s) and the database server. You can secure it by using ssh, but the most common solution is have a local network behind the firewall and create firewall rules only allow traffic from the web server re

[web2py:10303] Re: database connection password

Massimo I too am concerned about the security of my DB password from prying eyes. I understand that when the database connection url uses localhost as in -> db=SQLDB('mysql://username:[EMAIL PROTECTED]: 3306/mydatabase'), when I upload to a shared webhosting server, to connect to the DB I am usin

[web2py:10302] Re: database connection password

In a typical production setting you would have a web server exposed to the internet and a secure local network. The connection with the database should go only over the local network. ssh will protect you from employees snooping around (and stealing database password) but will make the database co

[web2py:10301] Re: T2 FINAL?

thanks. Syntactics aside. Does the manual make sense? Massimo On Oct 15, 5:20 pm, Keith Edmunds <[EMAIL PROTECTED]> wrote: > Page 24: > > created signature stores the name of the person created the > record. > > created --> creating (or "who created") > - > > db.mytable.myfield.

[web2py:10300] Re: database connection password

Depends of why he needs to hide the connection parameters in the first place... Yarko: you can always do mysql over ssh. Not for the faint at heart, but it IS paswordless and secure. On Oct 15, 9:44 pm, yarko <[EMAIL PROTECTED]> wrote: > I think the issue is:  if the db server is on the same box

[web2py:10299] Re: 1.45 -> 1.46 and GAE

I just popped over to the GAE group and here is a thread that goes into this big time.: http://groups.google.com/group/google-appengine/browse_thread/thread/113020d7cbd69d8d/6035f03807c6ff21?lnk=gst&q=like+operator#6035f03807c6ff21

[web2py:10298] Re: T2 FINAL?

Page 24: created signature stores the name of the person created the record. created --> creating (or "who created") - db.mytable.myfield.comment is the comment to be shows in the third column of create/update forms. shows --> shown -- db.mytable.exposes is

[web2py:10297] Re: T2 FINAL?

Page 23: Thye must have at least the fields defiend in the default. should be: They must have at least the fields defined in the default. ^^ ^^ Keith --~--~-~--~~~---~--~~ You received this message because you are subscribed

[web2py:10296] Re: T2 FINAL?

typo on page 22 of the 15 October version: T2 defined tw widgets: should be T2 defines two widgets: Keith --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send

[web2py:10295] Re: 1.45 -> 1.46 and GAE

I agree Over 15 years ago when working in Microsoft Foxpro I had access to libraries that did fulltext indexing so that the like searches were fantastically fast and also provided the ability to do soundex type searches (which are sooo useful when reducing duplication of things like peoples names)

[web2py:10294] Re: nanites anybody?

I think this could be an awesome scale up feature for larger sites. Proides a roadmap for developers if the hit it big with an app and reduces the re-write time down the track. Although database design is till crucial to larger scaling apps. (ie archiving, partitioning, specific user domain tables

[web2py:10293] Re: Database sharing

Hi Stan, thank you. Let's see if I understand this correctly. You want to write code that generates python code from an Oracle "CREATE TABLE " string. Am I correct? This would be interesting by there are some limitations. The table must have an integer field "ID" and a trigger that does auto

[web2py:10292] Re: database connection password

I think the issue is: if the db server is on the same box, and the box is secure, then that's a limited issue; If the db server is accross a network, then nothing web2py (or anything else connecting) can help, without the support of the db - this practically means you find an alternate way of aut

[web2py:10290] Re: Database sharing

Massimo, Congratulations on an extremely impressive product! I would like to dig a little deeper into the question of attaching to existing databases. I have a fairly large Oracle database with many tables. I would like to 'attach' the web2py framework to this database (I would probably need t

[web2py:10291] Re: Database sharing

Massimo, Congratulations on an extremely impressive product! I would like to dig a little deeper into the question of attaching to existing databases. I have a fairly large Oracle database with many tables. I would like to 'attach' the web2py framework to this database (I would probably need t

[web2py:10289] Re: Database sharing

On Oct 15, 11:58 am, mdipierro <[EMAIL PROTECTED]> wrote: > web2py ONLY talks to the tabase engine in SQL and SQL does not prove a > means to query for table structure. In MS SQL you can: SELECT* FROM INFORMATION_SCHEMA.COLUMNS WHERE(table_name = 'tablename') I don't know about th

[web2py:10288] Re: database connection password

No that I know of. On Oct 15, 11:42 am, Pai <[EMAIL PROTECTED]> wrote: > Is there a way to hide password in the connection-string? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post

[web2py:10272] Re: 1.45 -> 1.46 and GAE

When you have SELECT * FROM table WHERE condition, the condition is always local, i.e. it is applied to each individual record. The check one record is independent on the check on other records. Therefore I believe LIKE, OR, IN, etc should scale on GAE as well as AND,=,<,>. I hope we will see them

[web2py:10287] Re: delete vulnerability?

yes, just catching up on threads; read the discussion there after posting here On Oct 15, 12:19 pm, mdipierro <[EMAIL PROTECTED]> wrote: > Please follow up any discussion on the other thread: > >           Testing-the-water re change to update/delete > > yes, this is not related to transactio

[web2py:10286] Re: delete vulnerability?

Please follow up any discussion on the other thread: Testing-the-water re change to update/delete yes, this is not related to transactions (I misunderstood the original post). In fact T2 now has the feature Bill suggested. On Oct 15, 12:15 pm, yarko <[EMAIL PROTECTED]> wrote: > ...can

[web2py:10285] Re: delete vulnerability?

...can someone in this context talk to me where db transactoins do / could come into play? Is this because rows are not tied up in transactions at every form display? Is Bill suggesting doing a "lightweight" version of this in the framework? What other alternatives are there? On Oct 15, 10:09

[web2py:10284] Re: Testing-the-water re change to update/delete

Ok, apparently Massimo thought the implementation cost was low enough to do it so it's a bit pointless to discuss although I still do think it's a quick hack class solution :) On Oct 15, 6:38 pm, billf <[EMAIL PROTECTED]> wrote: > I do not disagree with your general approach to the problem area.

[web2py:10283] GeoIP

Another cool new app from our friend Mateusz http://mdp.cti.depaul.edu/appliances/default/show/42 Massimo --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send ema

[web2py:10279] Re: Testing-the-water re change to update/delete

I do not disagree with your general approach to the problem area. But I would not want to solve this use case with transactions as I think the overheads too great and I (obviously) think the suggested solution is a fix at negligible cost. Re your specific points (second point first): "one could

[web2py:10282] Re: Testing-the-water re change to update/delete

BTW... it works for tables that have a SQLField('modified_on','datetime') On Oct 15, 11:40 am, mdipierro <[EMAIL PROTECTED]> wrote: > This feature is now in T2 for t2.update(). Thanks Bill. > > Massimo > > On Oct 15, 11:38 am, billf <[EMAIL PROTECTED]> wrote: > > > I do not disagree with your gen

[web2py:10281] database connection password

Is there a way to hide password in the connection-string? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from

[web2py:10280] Re: Testing-the-water re change to update/delete

This feature is now in T2 for t2.update(). Thanks Bill. Massimo On Oct 15, 11:38 am, billf <[EMAIL PROTECTED]> wrote: > I do not disagree with your general approach to the problem area. But > I would not want to solve this use case with transactions as I think > the overheads too great and I (o

[web2py:10278] Re: Testing-the-water re change to update/delete

The trouble is, if you don't go the way of transactions, every solution will be a solution to a particular use scenario with a lot of hidden gotcha's and is really a question of interpretation whether it's what you want or not. Imagine 50 people trying to make an order of a product that has the 'i

[web2py:10277] Re: Database sharing

web2py ONLY talks to the tabase engine in SQL and SQL does not prove a means to query for table structure. If you want to access an existing table you can, if and only if the table has an ID field. You need to (re)define the table with migrate=False. You do not need to define the entire database.

[web2py:10268] Re: 1.45 -> 1.46 and GAE

Keep in mind that selecting based on like can be a resource-intensive process for large tables (you have to examine every record rather than look at an index). They probably left it out until they saw what kind of load they would be dealing with on GAE. Plus, Google uses a distributed file sy

[web2py:10276] Re: Database sharing

What if I want to use web2py to modify data from some other running app (php Drupal, for instance). Do I need to define all the model? or is there some kind of tool to figure it out.. On Oct 15, 10:20 am, mdipierro <[EMAIL PROTECTED]> wrote: > In every case you need to choose a master application

[web2py:10275] Re: Testing-the-water re change to update/delete

achipa/vihang: I think you are both looking at more complex scenarios than I have in mind. I am not talking about multi-page transactions (in the sense of one user's transaction spanning several pages). I agree that would be the responsibility of the application. The following, which I posted

[web2py:10274] Re: Testing-the-water re change to update/delete

Well, IMO the only 'real' solution is to have application level transactions, but with all the problems that brings, it's worse than 'not easy' :( All other solutions (versioning, row identity check, etc) are hacks that cannot guarantee consistency for all cases, especially once it escalates to mu

[web2py:10273] Re: nanites anybody?

I do not think this as difficult to implement as it is to understand what it does. I would like to understand if people would find it useful. Massimo On Oct 15, 7:30 am, achipa <[EMAIL PROTECTED]> wrote: > From the nanite site: > > Mappers are the control nodes of the system. There can be any n

[web2py:10271] Re: Database sharing

In every case you need to choose a master application. If you use SQLite, the master app will do db=SQLDB('sqlite://stoarge.db') db.define_table(.) the other apps will do db=SQLDB('sqlite://../../masterapp/databases/stoarge.db') db.define_table(.,migrate=False) important! If you

[web2py:10270] Re: Logging

Got it now. Yes you can use the logging module and send messages to a file but there is a major problem. I believe the parameters of the logging module are per-process and not per-thread (please check). This means if redirecting logging to a file, all web2py logging (for the framework and all apps

[web2py:10269] Re: delete vulnerability?

The message above is in the wrong thread. Yes. This is a race condition and it can happen. Massimo On Oct 15, 8:50 am, billf <[EMAIL PROTECTED]> wrote: > Please can you explain how the id mechanism prevents the problem that > I describe. > > User A selects record with id=99 that has the followin

[web2py:10267] Re: Testing-the-water re change to update/delete

I am not sure there is an easy catch all solution to this problem. On Oct 15, 8:48 am, achipa <[EMAIL PROTECTED]> wrote: > Upon further thought, wouldn't it be better to implement his in a > playback fashion ? I mean, you would handle the first pages like an > intentionally failed/rolled back tra

[web2py:10266] Re: Database sharing

Tommy, It depends on the database you are using. All databases (that I know of) take multiple access into account, so you shouldn't worry about concurrency until you have a website with more than one request per second. With your python app, you can use the normal database driver to access y

[web2py:10265] Database sharing

How does web2py application to access the database in other application? We have three applicaitons, two web applications developed by web2py, and another application developed by python. Three applications try to access one database. I don't know how to setup the database in which application. Ca

[web2py:10264] Re: Logging

Ah, sorry. I mean logging module. as in logging.debug("request received with link") or logging.warning("session cookie contains invalid hash, logging out user %r from host %r" % (user.id, ip_address)) BTW, thank you for putting up the early draft PDF if The Book. I can't buy the soft copy becau

[web2py:10263] Re: delete vulnerability?

Please can you explain how the id mechanism prevents the problem that I describe. User A selects record with id=99 that has the following columns/ values: "name" = "Massimo", "town" = "Chicago". User B selects the same record, id=99, "name" = "Massimo", "town" = "Chicago". User B updates the nam

[web2py:10262] Re: Testing-the-water re change to update/delete

Upon further thought, wouldn't it be better to implement his in a playback fashion ? I mean, you would handle the first pages like an intentionally failed/rolled back transaction. The further the user goes in the process, the further you get with the queries (and you will notice any changes made b

[web2py:10261] Re: Logging

Sorry Chirs, I do not understand what you mean by "debug logging". By logging do you mean "logging in" or as in "logging module"? On Oct 15, 4:31 am, cjparsons <[EMAIL PROTECTED]> wrote: > Are there any clever ways for debug logging? I am planning to use the > Python logger module to a file in t

[web2py:10260] Re: Testing-the-water re change to update/delete

I do not think belongs to web2py but it could be a next T2 feature. Massimo On Oct 15, 4:24 am, billf <[EMAIL PROTECTED]> wrote: > I would like to request the ability to include a column in every table > to be used to avoid overlapping updates, i.e. where a record has been > updated by user B be

[web2py:10259] Logging

Are there any clever ways for debug logging? I am planning to use the Python logger module to a file in the administration directory which I guess will only be visible if logged in? Thanks for any ideas you have Chris --~--~-~--~~~---~--~~ You received this messa

[web2py:10258] Re: 1.45 -> 1.46 and GAE

I cannot believe it either. I am not spending time coding a workaround because I expect them to fix it. On Oct 15, 4:02 am, "Steve Shepherd" <[EMAIL PROTECTED]> wrote: > Massimo > Talking about GAE is there any work around for the LIKE command when > searching for records. > I can't believe a sea

[web2py:10257] Re: delete vulnerability?

Not True. There is a mechanism to prevent that. SQLFORM for update forms stores the record id server side. If the use tampers with the form accepts detects it. Massimo On Oct 15, 3:59 am, billf <[EMAIL PROTECTED]> wrote: > If a user knows the id of a record then, by default, there is nothing >

[web2py:10256] Re: Testing-the-water re change to update/delete

billf: Ah, so you mean like transactions, but across several pages ? Generally I'd say that in that case it's the application's responsibility to ensure data consistency and handle overlapping user actions, but this will be hard to do in a web environment (the user may never actually submit the la

[web2py:10255] Re: Testing-the-water re change to update/delete

my understanding is that when a record is being modified/deleted, the transaction mechanism 'locks' the table. hence any other modification would fail or not get commited... only thing is that I do not know what kind of response is sent back.. On Oct 15, 5:39 pm, billf <[EMAIL PROTECTED]> wrote:

[web2py:10254] Re: Testing-the-water re change to update/delete

I believe that to achieve the same, a database transaction would have to include both the select and the update/delete. This would include the period of display, input and submission and the user may never submit an update. I hope I'm correct in this understanding but please correct if I'm not.

[web2py:10253] Re: nanites anybody?

>From the nanite site: Mappers are the control nodes of the system. There can be any number of mappers, these typically run inside of your merb or rails app running on the thin webserver(eventmachine is needed) But you can also run command line mappers with a shell into the system. Each nanite a

[web2py:10252] Re: Testing-the-water re change to update/delete

In what way is this different from database transactions ? On Oct 15, 11:24 am, billf <[EMAIL PROTECTED]> wrote: > I would like to request the ability to include a column in every table > to be used to avoid overlapping updates, i.e. where a record has been > updated by user B between user A sele

[web2py:10251] Testing-the-water re change to update/delete

I would like to request the ability to include a column in every table to be used to avoid overlapping updates, i.e. where a record has been updated by user B between user A selecting a record and updating/ deleting it. When this occurs user B's updates are invisibly undone. I know that this can

[web2py:10250] Re: nanites anybody?

Do these cluster across processors or is it a single machine thing? The registration process would need to be cached to keep mapping speed up. It would be also interesting to see how the dieing daemon gracefully departs from the cache or map routing mechanism. As high volumes occur the mapper would

[web2py:10249] Re: 1.45 -> 1.46 and GAE

Massimo Talking about GAE is there any work around for the LIKE command when searching for records. I can't believe a search company like google has not got a fantastic method of searching their object repository. Steve On Wed, Oct 15, 2008 at 4:43 AM, mdipierro <[EMAIL PROTECTED]> wrote: > > On

[web2py:10248] Re: Syntax highlighting disapeared

ooh bleeding edge!! The editor has an icon on the top that toggles it on or off. But if your java is messed up a lot of stuff will not work Steve On Wed, Oct 15, 2008 at 11:43 AM, pigmej <[EMAIL PROTECTED]> wrote: > > Firefox alpha ;) With tracemonkey. > > On 14 Paź, 22:14, "Tito Garrido" <[EM

[web2py:10247] delete vulnerability?

If a user knows the id of a record then, by default, there is nothing to stop them deleting a record from the database irrespective of the delete checkbox being displayed. For example: http://my_server:my_port/my_application/my_controller/my_action?id=the_id&delete_this_record=on I know this is

[web2py:10246] Re: custom forms - a suggestion

I have noted one problem with my suggestion. As coded, a standard, non-custom form throws an error with customview not defined. I thought that if self.customview and self.customview=True: in FORM.xml() would catch the absence of customview but doesn't seem to(?) so I have changed it to if not