Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
I want to build a webapp with Python back-end. The front-end of the webapp will just have a simple input box where the user puts an address. Then, on the back-end I want to scrape content from the webpage in that address and then process that data. This data processing might become quite heavy.
I'm quite experienced with Python, although with webapps, hosting, and so on, I have zero experience. I bought a domain name and hosting on namecheap, even though I just found out that maybe I won't be needing to use their hosting, as someone in /r/webhosting recommended me to use AWS instead. This was the methodology I was recommended to follow:
- switch to AWS (or Azure)
- create python lambda/function to do whatever you want to do with this request...
- put lambda behind api-gateway
- put Cloudfront in front of api-gateway (optional but hey..)
I have seen tutorials to point the namecheap domain into an EC2 instance. But how do I go about doing this with Lambda? Is it the same principle? Can you point me to any tutorials that might teach me how to handle this? Is Lambda actually the optimal solution for this?
Thanks!
This is a great starting point: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-quick-start.html
AWS SAM handles creation and deployment of your Lambda and API Gateway. To have your API/web app exposed to a custom domain, you will need to create an AWS ACM SSL certificate and create a custom domain on your API Gateway. Basically it will create a hidden CloudFront distribution that you can use to set up your DNS.
Good luck!
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 1 year ago.
I am currently working on an app or rather preparing everything. However, I have a question regarding backend and frontend. For the frontend, I was thinking about working with Dart/Flutter, since I'm planning to release the app for iOS and Android. For the backend, I would actually like to use Python, since I also have experience with the programming language.
I want to build an artificial intelligence into my app, which can receive an input from the user via the frontend connection, do something with it and pass this processed information back to the frontend and thus to the user as output. I hope you can understand all this. So, in general, it just has to be able to pass the information between the Dart files (Flutter) and the Python files.
In fact, I don't really have any experience with linking a frontend with a backend. Now I just wanted to ask if all this is possible at all and if Flutter or Dart and Python are even "compatible" with each other, maybe with plugins or something? I don't want to do without Flutter for my app, so if that's not possible, which programming language could I use instead of Python for programming an artificial intelligence?
Maybe one of you already has experience in this area or with my problem and could help me? I am looking forward to your opinions and suggestions for help or also experiences.
Kind regards and thanks in advance!
I'm a Fullstack developer and I have worked on a bunch of these projects with Front-end and Back-end components.
Essentially what you would do is have your Front-end make GET requests to a server. Your Front-end client would be in Flutter or Dart and the server would be an HTTP API. Flask, for example, is one framework that lets you make web applications with Python. You are making an API for your client to call.
I can't speak as much to Flutter or Dart because I'm a React.js developer, but you would host your client on one website and then host a server on another website and simply make get and post requests on the server.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I want to deploy a website that uses Django on the server side and a ReactJS frontend on AWS. I'm estimating traffic of about 40,000 per month. It happens that Amazon has several hosting packages. I like the EC2 instances but I don't know which particular instance will be suitable for me and cost-effective. I want to host for 6 months to get to understand the platform and later extend it if I'm comfortable with their services. The database isn't that robust. I'd also like to add updates at least two times a week.
Honestly, I haven't used AWS before and I don't even know if EC2 is the best for my project. Which of the packages will be best for my project?
Your main choice is Amazon EC2 (highly flexible) vs Amazon Lightsail (similar to a VPS).
Nobody can advise you on sizing your system, since it is totally dependent upon what your application does (video vs compute vs caching, etc.) and how your users interact with the app. You should pick an Instance Type, set up a test system that simulates typical usage and then monitor how it runs.
Alternatively, pick something reasonably big, run it in production and monitor for any issues. If it all looks good, you could downsize the system.
AWS EC2 is an IaaS (Infrastructure as a Service) cloud model, and it's best suited for those who are starting to use cloud computing. We can say that it's similar to on-prem environments: you have almost full control over all aspects of computing like memory, storage, and networking. On the other hand, you need to manage them, and in some cases you don't want to or don't need to. In your case, with the information provided, an EC2 seems to be the best choice, so you can safely try AWS (safely, because you will need to take care of costs, and on the IaaS model you have more predictability) while learning about other services. The second step will depend on the specifics of your application, like whether it is stateful or stateless and whether it needs to be scalable or not. Hope I have contributed.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
We have a legacy .exe solution running on industrial clients' desktops that I need to port over to Google App Engine. All clients will have the same version of the app, no code customization. We need to be sure that data will not be leaked between different clients of the new GAE app or be snooped on by some external party.
So I have a couple of questions that I hope someone will be able to help me out.
Option 1: Use namespaces to separate clients' data. This seems quite robust at the Datastore level; without the proper namespace data would not be served. Since we have the company name of each user, I would presume this would be quite secure against leaks.
Q1: Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?
Option 2: We could have a separate instance of the code and datastore for each client. This would give the optimal separation between clients.
Q2: Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.
Thanks!
> Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?
Namespaces are not a security mechanism for Datastore. A user with access to one partition in a project has access to all partitions in the project. Namespaces provide a way to organize your entities within a project.
> Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.
To have completely isolated instances of services, you can create new projects programmatically using the Cloud Resource Manager API and access resources across projects.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I'm building my first ever web-app in Python, haven't even decided on a framework yet.
Does it make sense to start out with a MySQL database to manage users and credentials?
Or is it a completely ridiculous way to approach it?
What are some existing solutions and best practices for managing user credentials?
The answer is, as always, it depends. There are many ways to build a web app in Python so you'll first need to decide on what you want to build or what technology you want to learn.
If you just want to focus on a Python backend as a learning exercise then you could use Flask, which can run as a server and includes many modules to help you get started, including managing users. If you plan to expose your app publicly, though, it is generally recommended to use Apache or some other battle-tested server which can route the requests to Flask.
There are other Python frameworks like Bottle, which I believe is meant to be even simpler than Flask, and Django, which is more complicated but has more features. It all depends on what you want to do. You can also look at things like Dash if your end goal has a data analysis flavor.
One thing to note though is that managing user credentials is not trivial. It can be a useful exercise if you like to learn and tinker, but to do it correctly you'll need to learn about salting passwords, cryptographically secure hashing, session management, HTTPS (and ideally which ciphers should be deprecated), how to protect against SQL injection (good to know how to do this anyway if you don't already), cross-site scripting, CORS, etc. The list goes on. None of these things are exclusively just for managing user credentials but you should understand all the ways things can go south on you.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I know this is technically a duplicate question, but I believe it is valid since the original question was submitted 7 years ago and Python/web security has come a long way since then.
I would like to build a web app that allows users to input python code (through the Ace editor package) and then execute it in the browser using a python interpreter on the server. I cannot use pypy.js because I need to use numpy, pandas, and matplotlib. Essentially I would like to make my own Codecademy (I am a teacher and would like to create Codecademy-like courses for my students). Sadly the create-a-course thing Codecademy mentioned at one point has come to nothing.
I'm using Flask, but I could learn Django if that would be easier.
What is the best way to allow my users to run the python code without allowing them to affect the rest of the program or access files outside of what they're allowed to?
There were no fundamental changes in Python or web security in the last 7 years. It is still suicidal to allow users to run code on your server.
However, what did change is the availability of lightweight VM solutions like Docker.
For an example of how this could work, have a look at https://civisanalytics.com/blog/engineering/2014/08/14/Using-Docker-to-Run-Python/ . I will not reference this solution here as you will find other examples, even if this one goes away.
However, this might be safer than running user code directly on your server, BUT
- the user code is still running on your server. It might not be possible to escape the Docker image, but a malicious user could still upload, e.g., a denial of service tool and start an attack from your server. Or sniff your network traffic or whatever.
- there are, or at least might be, ways to break out of the Docker image.
For a controlled environment like a classroom those risks might be acceptable, but for a public server you would need a lot of security know-how to further lock down the server and the Docker image and filter available Python functionality.
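One way to apply the lock-down this answer calls for when launching each submission, as an added example that is not part of the original answer: the container gets no network, capped memory, CPU and process count, a read-only filesystem and no capabilities. The image name `classroom-python:latest`, the function names and the limit values are assumptions; the `docker run` flags are standard Docker CLI options.

```python
import subprocess
import uuid

IMAGE = "classroom-python:latest"  # hypothetical image with numpy/pandas/matplotlib


def build_docker_argv(name, image=IMAGE, mem="256m", cpus="0.5", pids=64):
    """argv for one throwaway container; the code is fed on stdin, not argv."""
    return [
        "docker", "run", "--rm", "-i", "--name", name,
        "--network", "none",                    # no outbound traffic, nothing to sniff
        "--memory", mem, "--cpus", cpus,        # cap RAM and CPU
        "--pids-limit", str(pids),              # bound the number of processes
        "--read-only", "--tmpfs", "/tmp:rw,size=16m",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",                # unprivileged uid:gid
        image, "python", "-I", "-",             # isolated mode, program from stdin
    ]


def run_submission(code, timeout=10):
    """Run one student submission; returns a dict with status and output."""
    name = "submission-" + uuid.uuid4().hex
    try:
        proc = subprocess.run(build_docker_argv(name), input=code, text=True,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # Killing the client does not stop the container, so kill it by name.
        subprocess.run(["docker", "kill", name], capture_output=True)
        return {"status": "timeout", "stdout": "", "stderr": ""}
    return {"status": "ok" if proc.returncode == 0 else "error",
            "stdout": proc.stdout[:10000], "stderr": proc.stderr[:10000]}
```

These settings narrow what a submission can reach; they do not remove the container-escape risk the answer lists.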