Cookies and logging in¶
See https://github.com/ctb/cse491-webz/blob/cookies/app.py for code for seting cookies.
Security¶
- As a Web developer, how do you protect against guessing?
Answer: by not being dumb.
- As a Web developer, how do you protect against eavesdropping?
Answer: HTTPS.
- As a Web developer, how do you protect against server compromise?
Answer: you try not to write insecure servers.
- How do you protect against client (browser-side) compromise?
Answer: you can’t.
Scaling; latency; throughput¶
How do you scale up to handle hundreds or thousands of concurrent sessions?
How do you minimize latency, the “turnaround time”?
How do you maximize throughput, the amount of “stuff” being delivered?
What do real Web developers use?¶
All of the tech we used in the class is “real”, including WSGI, Jinja2, JSON and JSON-RPC, CSS, JQuery, SQLite, etc. But people have built layers on top of WSGI and SQL (in particular) to automate as much of the manual stuff as possible.
Real Python Web developers use things like Django and Pyramid.
Personally, I have always had a soft spot for Quixote, which is a nice, simple, extensible Web framework. To take a look,
source env491/bin/activate.csh
wget http://quixote.ca/releases/Quixote-2.7.tar.gz
pip install Quixote-2.7.tar.gz
tar xzf Quixote-2.7.tar.gz
cd Quixote-2.7
python quixote/server/simple_server.py --port=8000
See the files quixote/demo/root.ptl and quixote/demo/extras.ptl for the source for the examples.