I'm building this app in Python with Django.
I would like to give parts of the site wiki like functionality,
but I don't know how to go on about reliability and security.
Make sure that good content is not ruined
Check for quality
Prevent spam from invading the site
The items requiring wiki like functionality are just a few: a couple of text fields.
Can anyone help on this one?
Would be very much appreciated. :)
You could try using Django Wikiapp, which gives you most of the features you want in a wiki, including history and the ability to revert to older versions of an article. I have personally used this app and it's pretty self-explanatory; they also have a bit of documentation at http://code.google.com/p/django-wikiapp/source/browse/trunk/docs.
In terms of spam protection you can to one of two things or both: password protect the pages that have to do with editing the wiki, and use Akismet to filter for spam. I'm working on something similar and this is probably what we'll end up doing.
Assuming that there will be a community of users you can provide good tools for them to spot problems and easily undo damage. The most important of these is to provide a Recent Changes page that summarizes recent edits. Then each page that can be edited should retain prior versions of the page that can be used to replace any damaging edit. This makes it easier to undo damage than it is to damage things.
Then think about how you are going to handle either locking resources or handling simultaneous edits.
If you can tie edits to users you can provide some administrative functions for undoing all edits by a particular user, and banning that user.
Checking for quality would be tied to the particular data that your application is using.
Make sure that good content is not ruined = version each edit and allow roll-backs.
Check for quality = get people to help with that
Prevent spam from invading the site = get people to help with that, require login, add a captcha if need be, use nofollow for all links
Related
I'm working on a software that deals with drones.
My team introduced a server to allow command and control activities with multiple drones.
Now, I'd like to test its API and create a python module for automated testing.
The API includes actions like add marker, delete marker and so on and so forth that you can do in the app.
I've been researching if there might be a tool to allow me to randomize these actions automatically to create scenarios that imitate user actions.
For example:
check the license, add mission, add a marker, fly to position and delete Marker.
Each of those actions is a request sent to the server within the app, but I've already recreated those activities as functions in python. The server actions have also been written in Python(server is tornado). Now I just need to find a way to randomize their activation(the data they send to the server is generated randomly and legally as well, and that's not a problem).
So before wasting a lot of my time creating these scenarios by hand, I'm sure someone already faced this kind of problem. I couldn't find it here though. Searched for hours but there are so many questions I might have missed something related to my issue.
I can build such a tool myself and even share a git to it here if it comes to that. Then it will be helpful to anyone encountering this question.
I thought it would be worth asking anyway.
Let me know if there are any other details you need to know to answer this question.
Thanks!
The site won't be that complicated and will resemble a modern blog (users, messages, news and other similar features).
Do I need to use a framework for this, and if so, which is best?
Pyramid, Django?
You certainly don't need a webframework to create a simple website. Given that you're new to python and interested in building a python website, I imagine this implies: you're interested in learning python. If you're exclusively interested in learning django-python, there's no reason you can't jump in to django, as Ronak said, of course. He's right. It has a lot of documentation. But it will make for somewhat of an odd intro to python.
If I were in your shoes, I'd either start making some offline programs first, or consider an ultra-lightweight framework. Many would advocate web2py or pyramid for ultralightweight. I might consider going even lighter. Something like Bottle, where you're more or less just pairing functions with urls. This way you can at least do a bit of hacking/trial-and-error, instead of launching right into django.
It's not that django doesn't use python-- it will tell you many times that it is in fact 'just python.' But it's adapted at its core to be used in a large business setting (the chicago something or other online, i think). So it enforces various rules that are helpful in managing many different employees working on a project together. You may or may not wish for this kind of 'help.' It also means the scale of projects is assumed to be large and the time-horizon, limitless. If you want to see how a python dictionary works, you may not want to spend a long time configuring settings and creating the pseudo-static-typing you need for your database, and so on, just to execute your project and see a result.
I realize I will automatically get downvoted for this, but I believe it to be sound advice.
It depends on what kind of website you are planning to come up with. If the website is going to be just a set of static HTML files, then you don't really need a framework. But if your website will have lots of dynamic content that will get updated on regular basis, you should go with some framework. That will make your life maintaining the website much more simpler.
Django is the most popular framework written in Python. It has very good documentation and a strong community base too.
Go with Django - 10,000 Elvis fans can't be wrong.
Or roll your own from scratch. You'll learn a lot, know everything about how you site works, and better appreciate what a framework does for you.
As RonakG first pointed, it all depends on the kind of website you intend to have up and running. Actually, your question is too general for a single, definitive answer. There are more aspects to consider other than just being in python. For example, deadlines. This means considering the learning curve to achieve your results. If you don't have much time, a steep learning curve (time to learn it in order to develop it) is certainly something you will want to avoid. Perhaps you already develop in other languages, and need integration and/or migration support, need scalability, reusability, etc, etc, etc.
Another thing that is not so clear in your question is what you mean by "The site won't be that complicated and will resemble a modern blog (users, messages, news and other similar features)". If it really resembles just a modern blog, with users, messages and news, you could google for CMS (Content Management Systems). There are many options available, that could make you have your site up and running in almost no-time. All you'll have to learn is how to customize whatever it has to as to comply to your needs.
That said, if you prefer python, there are some good CMSs available which you can develop your site fast, like Plone. And if you prefer Django, there's Django CMS and there's the excellent Pinax project, which takes the django code reusability to deliver you sample fully customizable, complete websites.
We are considering implementing a voting system (up, down votes) without using any type of credentials--no app accounts nor OpenID or anything of that sort.
Concerns in order:
Prevent robot votes
Allow individuals under a NAT to vote without overriding/invalidating someone else's vote
Preventing (or, at the very least making very difficult for) users to vote more than once
My questions:
If you've implemented something similar, any tips?
Any concerns that perhaps I'm overlooking?
Any tools that I should perhaps look into?
If you have any questions that would help for you in forming an answer to any of these questions, please ask in the comments!
To address your concerns:
1: a simple Captcha would probably do the trick, if you google "django captcha", there are a bunch of plugins. I've never used them myself, so I can't say which is the best.
2 & 3: Using Django's sessions addresses both of these problems - with it you could save a cookie on the user's browser to indicate that the person has already voted. This obviously allows people to vote via different browsers or by clearing their cache, so it depends on how important it is that people not be allowed to vote twice. I would imagine that only a small percentage of people would actually think to try clearing their cache, though. As far as I know the only other way to limit users without a sign-in process would be to test IP addresses, but that would violate your second criteria since people on the same network will show up as having the same IP address.
If you don't want multiple votes to be as simple as deleting browser cookies, you could also allow facebook or twitter login - the django-socialregistration plugin is pretty well documented and straightforward to implement.
Hope that helps!
Recaptcha is an excellent choice. For Django, here's the one that I've had the most success with, which actually uses images loaded from Recaptcha (as opposed to local images generated on the fly):
http://pypi.python.org/pypi/recaptcha-client#downloads
Instructions for installation are in this snippet:
http://djangosnippets.org/snippets/433/
If Recaptcha is a bit unwieldy for what you're doing, I've heard of people implementing a form that loads with a hidden input containing a timestamp value, corresponding to when the form was loaded. Then, when the form is submitted, generate a new timestamp and get the difference between the two. If the difference in seconds is below a certain threshold that's unreasonable for a human visitor, chances are you have a bot. This works for contact forms with several fields...it usually takes a person more than 10 seconds to fill them out.
I can't speak to how effective this technique actually is in production....a lot of these spam bots these days are smarter than I am. But it might be something you'd consider looking into or testing.
I got a project in mind that makes it worth to finally take the plunge into programming.
After reading a lot of stuff, here and elsewhere, I'm set on making Python the one I learn for now, over C# or java. What convinced me the most was actually Paul Graham's excursions on programming languages and Lisp, though Arc is in the experimental stage, which wouldn't help me do this web app right now.
As for web app fast, I've checked out Django, Turbo Gears and Py2Web. In spite of spending a lot of time reading, I still have no clue which one I should use.
1) Django certainly has the nicest online presence, and a nicely done onsite tutorial, they sure know how to show off their thing.
2) Web2Py attracted me with its no-install-needed and the claim of making Django look complicated. But when you dig around on their website, you quickly find content that hasn't been updated in years with broken external links... There's ghosts on that website that make someone not intimately familiar with the project worry if it might be flatlining.
3) Turbo Gears ...I guess its modular too. People who wrote about it loved it... I couldn't find anything specific that might make it special over Django.
I haven't decided on an IDE yet, though I read all the answers to the Intellisense code completion post here. Showing extra code snippets would be cool too for noobs like me, but I suppose I should choose my web frame work first and then pick an editor that will work well with it.
Since probably no framework is hands down the best at everything, I will give some specifics on the app I want to build:
It will use MySQL, it needs register/sign-in, and there will be a load of simple math operations on data from input and SQL queries. I've completed a functional prototype in Excel, so I know exactly what I want to build, which I hope will help me overcome my noobness. I'll be a small app, nothing big.
And I don't want to see any HTML while building it ;-)
PS: thanks to the people running Stackoverflow, found this place just at the right moment too!
You should look at the web2py online documentation (http://web2py.com/book). It comes with a Role Based Access Control (the most general access control mechanism) and it is very granular, you can grant access for specific operation on specific records. It comes with a web based IDE but you can use WingIDE, Eclipse and PyCharm too. It comes with helper system that allows you to generate HTML without using HTML. Here is an example of a complete app that requires users to register/login/post messages:
db.define_table('message',Field('body'),Field('author',db.auth_user))
#auth.requires_login()
def index():
db.message.author.default=auth.user.id
db.message.author.writable=False
return dict(form=crud.create(db.message),
messages=db(db.message.id>0).select())
The web2py project is very active as you can see from the list of changes http://code.google.com/p/web2py/source/list
If you have web2py related questions I strongly suggest you join the web2py mailing list:
http://groups.google.com/group/web2py/topics
We are very active and your questions will be answered very quickly.
I have to say as not particularly skilled developer, the speed at which I have been able to create using web2py has blown my mind. In large part due to the amazing community and the core value Massimo has of making the framework accessible.
When I started I had written 0 lines of code in Python
Never heard of web2py
I've been at it seriously for about a month and have progressed (in my usual fashion) from asking questions that no one could answer (because they didn't make any sense) to coding for hours at a time without picking up a book or asking a question.
I'm really impressed.
I've had positive experiences with Django.
Built-In Authentication and easy to use extensions for registration
Very good documentation
You probable write your HTML templates mostly in base.html, then just use template inheritance (Note: You'll need to write at least a little bit of HTML)
In contrast to Turbogears, Django is more 'out-of-the-box'
I don't have any experience with web2py, but from my impression, it tries to do a little to much 'out-of-the-box'
If you decide to go with Django, make sure that you use its Generic Views. They will save you from writing lots of code, both Python and HTML.
Also, unless there is a very specific reason for you to use MySQL, I advise you to switch to PostgreSQL. Django is much more oriented towards PostgreSQL and it's a much better database anyway.
The online Django documentation is great, this is what put it apart from all the other frameworks. I also recommend the book Practical Django Projects by James Bennett
Django: Heard it has the best administrative
interface. But uses it's own ORM, i.e. doesn't use SQL-Alchemy.
Web2py: Didn't research this.
Turbogears2:
Uses SQL-Alchemy by default, uses Catwalk for admin
interface, but documentation isn't as
great.
I chose Turbogears2 because it uses popular components, so I didn't have to learn anything new...
I've used both web2py and RoR extensively, and while RoR has gotten a lot of popularity and support in the past few years, web2py is simpler, cleaner, less "magical", and yet also offers more (useful) out-of-the-box functionality. I'd say that web2py has more potential than RoR, but it is a relatively new framework and does yet not have the maturity of RoR. (Despite that, though, I'd choose web2py over RoR any day...)
If you "don't want to see any HTML while building it" then you can forget Django. It is not focused on "point-click-done," it is focused on pros going from concept to production in the shortest time possible. The hierarchical nature of the templating language can lead to some very clean overall site layouts. I use Django for all of my larger sites and I love it.
Although it's written in PHP, not Python, you might take a look at the major new version of WordPress that came out about 2 or 3 months ago. In 3.0 they have come a long way from being a "blogs only" environment and there are tons of ready-made templates for it. Of course if you want to tweak a template, well, there's that nasty old HTML again. I am considering using it for my smaller clients that can't deal with the admin of a dedicated server, etc., that tends to come with a Django site.
Update:
Ah, I missed the semi-joke -- I was up too early and that tends to make me tone deaf to humor. As far as using templates from existing sites, I have done this quite successfully with a couple of sites, both those that were static and those originally driven by well-written PHP scripts. I recommend a careful reading of the {% extends %} and {% include %} docs. Both take either a string literal or a variable. I have used the later method and it can be quite useful for a site that has strong hierarchy distinguished by style changes across branches.
It is also worth the time to understand the search order for templates -- it can be used to good effect, but it can be puzzling if you don't grok it. See the template-related items in the settings.py file for this and other useful goodies.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm building a Django project that needs search functionality, and until there's a django.contrib.search, I have to choose a search app. So, which is the best? By "best" I mean...
easy to install / set up
has a Django- or at least Python-friendly API
can perform reasonably complex searches
Here are some apps I've heard of, please suggest others if you know of any:
djangosearch
django-sphinx
I'd also like to avoid using a third-party search engine (like Google SiteSearch), because some of the data I'd like to index is for site members only and should not be public.
Check out Haystack Search - a new model based search abstraction layer that currently supports Xapian, Solr and Whoosh. Looks like it's well supported and documented.
Justin, I'd try djangosearch first: Jacob Kaplan-Moss (Django's lead developer) is working on it.
Potential hazards:
The home page warns the API might not be entirely stable
Potential benefits:
“The long term goal is for this to become django.contrib.search.”
I am searching for the same thing, as are a lot of other people. Let's hope that django.contrib.search will be added soon.
In the meantime, this is what I found:
http://code.google.com/p/djangosearch/
http://code.google.com/p/django-sphinx/
http://code.google.com/p/djapian/
http://code.google.com/p/django-search-lucene/
http://www.sai.msu.su/~megera/postgres/gist/tsearch/V2/
To me, most look quite complicated and, frankly, a little daunting to implement.
I'd be interested to learn what you think of these.
The google code page for djangosearch indicates that it is no longer under active development, and suggests haystack or solango.
I'd recommend Sphinx for full-text search and aggregation, and django-sphinx is good enough for production use. We found that Sphinx was the least resource-intensive and fastest way to index and search our documents and that django-sphinx was a nice wrapper on top of the sphinx client.
The group by aggregation is particularly nice, if for example you want to display how many documents with a certain tag or by a certain author (or both) matched a search. In memory attribute updates were convenient too, especially for removing deleted articles immediately.
Thanks Garth. I had seen that djangosearch wanted to become the official Django search, but I was hesitant to use it because I couldn't find any documentation! Luckily, there's a README in subversion that I hadn't seen before, and it makes the API look very cool:
# set up the model
class Event(models.Model):
title = models.CharField(max_length=255)
date = models.DateField()
is_outdoors = models.BooleanField()
index = djangosearch.ModelIndex(text=['title'],
additional=['date', 'is_outdoors'])
# run a search
results = Event.index.search("django conference")
I just needed a very quick solution that was no-fuss for an internal app.
I found the article Adding search to Django in a snap, and that worked splendid for me!
Obviously it lacks the speed, scalability and features of the real projects like Haystack, but this one is easier to set up, and I don't really need anything else than keyword AND-search.
You might want to consider letting Yahoo do all the hard work with their Build your own Search Service (BOSS). Here is a great blog post that walks you through the process:
http://www.peterkrantz.com/2008/yahoo-search-in-django/
It looks like everyone here missed django-xappy
After quick evaluation of all existing search addons for Django, I found this one as most flexible and easiest to use. It's rough on the edges in few places, but it's still the best way to use power of Xapian search engine inside Django projects.
You might want to look at Django Solr search (aka "Solango") which comes with some nice documentation to get you started...
If you have large amount of data to be indexed or you expect high traffic, I'd suggest using some external search engine, like Solr. This way, you'll keep shared-nothing approach and be able to scale your site components independently.
I think I am going to have to give a shout out to Djapian.
It is rock-solid...just pull down a source distribution and peek inside. Top notch code, not very many comments tho..
It's still a young software project, but I think the django community should throw it's weight behind this one.
Thanks Joe,
We decided to go with Tsearch2 and a custom postgres adaptor. Tsearch2 does not need an extra process to run, which was convenient since we are on a WebFaction hosting with limited memory... It's not completely done yet, but seems to be a good solution...
I found Djoosh which relies on the pure-python external search engine Whoosh to work well with my 'Python' brain.
If you are willing to use a 3rd party search engine I can recommend Yahoo BOSS and django-bosssearch.
Yahoo BOSS is a paid service, but it saves you setting up and maintaining other search software on your server.