Comments for David Fischer dot Name http://www.davidfischer.name Some Things to Some People Wed, 02 Jun 2010 15:03:50 +0000 hourly 1 http://wordpress.org/?v=3.0 Comment on Django Scripting and the Crontab by David http://www.davidfischer.name/2010/02/django-scripting-and-the-crontab-2/comment-page-1/#comment-215 David Wed, 02 Jun 2010 15:03:50 +0000 http://www.davidfischer.name/?p=400#comment-215 I discovered later that this had to do with my hosting provider rather than Django. I discovered later that this had to do with my hosting provider rather than Django.

]]> Comment on Django Scripting and the Crontab by Mandx http://www.davidfischer.name/2010/02/django-scripting-and-the-crontab-2/comment-page-1/#comment-213 Mandx Tue, 01 Jun 2010 15:54:07 +0000 http://www.davidfischer.name/?p=400#comment-213 There is no need to change the current directory to where "manage.py" is in the crontab. Just give Python the full path to it, followong with the necesary parameters: * * * * * python /home/path/to/project/manage.py mycommand There is no need to change the current directory to where “manage.py” is in the crontab. Just give Python the full path to it, followong with the necesary parameters:

* * * * * python /home/path/to/project/manage.py mycommand

]]> Comment on Django authentication and mod_wsgi by David http://www.davidfischer.name/2009/10/django-authentication-and-mod_wsgi/comment-page-1/#comment-212 David Wed, 26 May 2010 14:55:12 +0000 http://www.davidfischer.name/?p=270#comment-212 Alessandro is correct. Without a middleware or something else, RPC4Django will not support some authenticated methods out of the box while others can be used by unauthenticated users. It's currently all or nothing. There is currently a blueprint regarding adding a sort of <a href="https://blueprints.launchpad.net/rpc4django/+spec/handle-authentication" rel="nofollow">out of the box authentication</a> which would solve this but I have not had time to work on it. I also want to talk about security in the next release. HTTP basic authentication really should not be used without SSL/TLS for maximum security. The new out of the box authentication will not solve the security issue. Unless you don't care about packet sniffing, passwords should be encrypted. Alessandro is correct. Without a middleware or something else, RPC4Django will not support some authenticated methods out of the box while others can be used by unauthenticated users. It’s currently all or nothing.

There is currently a blueprint regarding adding a sort of out of the box authentication which would solve this but I have not had time to work on it.

I also want to talk about security in the next release. HTTP basic authentication really should not be used without SSL/TLS for maximum security. The new out of the box authentication will not solve the security issue. Unless you don’t care about packet sniffing, passwords should be encrypted.

]]> Comment on Django authentication and mod_wsgi by Alessandro http://www.davidfischer.name/2009/10/django-authentication-and-mod_wsgi/comment-page-1/#comment-211 Alessandro Mon, 24 May 2010 10:44:23 +0000 http://www.davidfischer.name/?p=270#comment-211 Hi, the suggested method is not compatible with having both open and restricted methods, I solved the problem with a tiny middleware and with the following directive in the virtual server conf: <code>WSGIPassAuthorization On</code> The middleware : <pre><code class="python"> class HttpAuthMiddleware: """ Simple HTTP-Basic auth for testing webservices """ def process_request(self, request): auth_basic = request.META.get('HTTP_AUTHORIZATION') if auth_basic: import base64 try: username , dummy, password = base64.decodestring(auth_basic[6:]).partition(':') user = User.objects.get(username=username) if user.check_password(password): request.user = user except User.DoesNotExist: pass return None </code></pre> <strong>Edit:</strong> Changes to formatting made by David. Hi,

the suggested method is not compatible with having both open and restricted methods, I solved the problem with a tiny middleware and with the following directive in the virtual server conf:

WSGIPassAuthorization On

The middleware :


class HttpAuthMiddleware:
    """
    Simple HTTP-Basic auth for testing webservices
    """
    def process_request(self, request):
        auth_basic = request.META.get('HTTP_AUTHORIZATION')
        if auth_basic:
            import base64
            try:
                username , dummy,  password = base64.decodestring(auth_basic[6:]).partition(':')
                user = User.objects.get(username=username)
                if user.check_password(password):
                   request.user = user
            except User.DoesNotExist:
                pass
        return None

Edit: Changes to formatting made by David.

]]> Comment on Working with World Bank Data in R by David http://www.davidfischer.name/2010/04/working-with-world-bank-data-in-r/comment-page-1/#comment-210 David Fri, 21 May 2010 05:22:38 +0000 http://www.davidfischer.name/?p=514#comment-210 While the population figure may not be too relevant to the energy use per capita (doh!), I still think there's something impressive that people today with all their computers and electronic devices are using the same or less energy than 35 years ago. While the population figure may not be too relevant to the energy use per capita (doh!), I still think there’s something impressive that people today with all their computers and electronic devices are using the same or less energy than 35 years ago.

]]>