[mod_python] mod_python & MySQLdb question: Done

Roy S. Rapoport mod_python at ols.inorganic.org
Fri Dec 19 06:33:34 EST 2003


On Thu, Dec 18, 2003 at 08:45:41AM -0800, tpc at csua.berkeley.edu wrote:
> hi Giampiero, can I ask you, being a newbie to Python
> myself, why you are switching to modpython from Zope ?
> I have heard many good things about Zope but have not
> had the time to download and use it, but from what I hear
> if you want to serve a complex database-backed application
> there is no better way.

I'm obviously not Giampiero, but I'll take a stab at answering the question
(disregarding Giampiero's specific circumstances).

I work for a privately-held financial institution in the IT group; I happen
to wear two hats, actually -- I'm a member of both the development and the
infrastructure groups.  Our choice of languages is Python, our choice of
platform on which to develop applications is the web, and our choice of web
platform on which to develop is Zope.  We are heavily invested in Zope and
we love it.  

I especially love Zope because it pretty much enforces an MVC architecture
-- ZSQL methods to access databases, python scripts for business logic,
DTML/ZPT for display logic.  

There's the upside.

The downside? The security (or lack thereof) aspects of running it sometimes
wake me up at night screaming.  OK, that's overstating it, but not by much
:)

The problem with Zope is one of its nicest features -- in-band management.
Got a Zope server at http://my.server ?  Then you can manage it at
http://my.server/manage.  Want to manage http://my.server/some/path? Again,
you can go into the management interface of Zope on that path at
http://my.server/some/path/manage.  All management of Zope is done through
URL strings ON THE SAME IP AND PORT AS THE CONTENT YOU'RE SERVING.  

Now, again, in some respects this is really nice -- it took us about two
hours to get up a Python program that allowed us to easily synchronize
content between two or more Zope servers by just sending URLs around.  On
the downside, this means that pretty much anyone in the world is guaranteed
to be able to access the management interface of your Zope server and then
it's just a password-guessing attack.  You can front Zope with Apache --
and you're advised to -- and we're continuing to fine-tune our httpd.conf
to block URLs that look like they're management URLs -- but it's a pain,
and error-prone, and not likely to ever be complete.  The official word on
the Zope list is "Yes, it's insecure.  Deal with it and accept it."

In-band management is really user-friendly.  I think it's also a very bad
idea.  I hope they go away from that one of these days.

Oh, one more thing:  Emblematic of many (but not all) open-source projects,
Zope is a wonderful, relatively-well-constructed product with absolutely
atrocious, horrific, monstrously-bad documentation.  It's incomplete (and
in some cases wrong).  Mind you, I'm not sure mod_python is much better,
but I'm not talking about it right now :)

Hope this is useful,
-roy (ex-CSUA and OCF member)

> 
> On Thu, 18 Dec 2003, Giampiero Benvenuti wrote:
> 
> > Thanks Manfred, now I'm starting to "see".
> > Great tip, it works like a "swiss" clock.
> >
> > > This:
> > >
> > >> 	rows = cursor.fetchall()
> > >> 	rows = list(rows)
> > >> 	for row in rows:
> > >> 		results = (row['news_title']+',<br>')
> > >> 		req.write(results)
> > >
> > > can be compressed to (and made faster):
> > >
> > >
> > > results = []
> > > for row in cursor.fetchall():
> > > 	results.append(row['news_title'])
> > > req.write("<br />".join(results))
> > >
> >
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python
> >
> 

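The message above calls httpd.conf rules that block management-looking URLs error-prone and unlikely ever to be complete. The following is an added example, not part of the original post and not the poster's configuration: it compares a literal end-of-path match with a check that normalizes the request path first. The `manage_` prefix (as in `manage_main`) is assumed from Zope 2 naming conventions, and all sample paths are constructed.

```python
import re
from urllib.parse import unquote

# Naive filter: matches only a literal "/manage" at the end of the raw path.
NAIVE = re.compile(r"/manage$")

def naive_is_management(raw_path):
    return bool(NAIVE.search(raw_path))

def normalize_segments(raw_path, max_decode_rounds=3):
    """Drop query/fragment, percent-decode (repeated, to catch double
    encoding), and return the non-empty, non-'.' path segments."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return [s for s in path.split("/") if s not in ("", ".")]

def is_management(raw_path):
    """Flag a request if any segment is 'manage' or starts with 'manage_'
    (assumed Zope 2 naming for management methods)."""
    return any(s == "manage" or s.startswith("manage_")
               for s in normalize_segments(raw_path))

# Constructed sample request paths (not taken from real logs).
SAMPLES = [
    "/some/path/index_html",
    "/manage",
    "/some/path/manage",
    "/some/path/manage/",
    "/some/path/manage_main",
    "/some/path/%6danage",
    "/some/path/manage?x=1",
    "/news/management-team",
]

def compare(paths=SAMPLES):
    """Return (path, naive_verdict, normalized_verdict) for each path."""
    return [(p, naive_is_management(p), is_management(p)) for p in paths]

def missed_by_naive(paths=SAMPLES):
    """Paths the normalized check flags but the literal match lets through."""
    return [p for p, naive, strict in compare(paths) if strict and not naive]

if __name__ == "__main__":
    for p, naive, strict in compare():
        print(f"{p:32} naive={naive!s:5} normalized={strict}")
```

Run over proxy access logs, the same comparison shows which management requests an existing rule set is letting through to Zope.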
