[Edu-sig] Simplest webapps

Carl Karsten carl at nextdayvideo.com
Mon Apr 2 19:16:48 EDT 2018


web2py was written by a college professor to teach web development on
a tight schedule. He didn't like the existing ones that took too long
to get a Hello World thing up and running. "Pick a db engine" is not
something that needs to be part of the 2 hours of class time this
week.

But it is targeting web development, not Python. And I am pretty sure
it wants functions and a few other stated requirements. The only
reason I bring it up is it may be a better fit than any of the other
proposed ideas, and its install really is:

http://www.web2py.com/init/default/download
"After download, unzip it and click on web2py.exe (windows) or
web2py.app (osx). To run from source, type: python2.7 web2py.py"   (I
guess Linux users are good with "run from source")

I can confirm it works, but I have never done anything real, but I
know people who have, so I would not be afraid of it.

OTOH, it may not be the solution you are looking for, and that's fine.







On Mon, Apr 2, 2018 at 3:20 PM, Andrew Harrington <aharrin at luc.edu> wrote:
> Bottle sounds like it makes things very simple.
> I also have a chapter introducing server-side Python interaction in very
> simple cases.
> http://anh.cs.luc.edu/python/hands-on/3.1/handsonHtml/ch4.html
> It does come well after function introduction.
>
> Dr. Andrew N. Harrington
>   Computer Science Department
>   Graduate Program Director gpd at cs.luc.edu
>   Loyola University Chicago
>   207 Doyle Center, 1052 W Loyola Ave.
> http://www.cs.luc.edu/~anh
> Phone: 773-508-3569
> Dept. Fax:    773-508-3739
> aharrin at luc.edu (as professor, not gpd role)
>
> On Sat, Mar 31, 2018 at 8:20 PM, Wes Turner <wes.turner at gmail.com> wrote:
>>
>> Web programming is fun but dangerous.
>> Things as simple as 'it reads a file off the disk and sends it to the
>> user' can unintentionally expose every readable file to whoever or whatever
>> can access localhost.
>>
>> ```python
>> import os
>> os.path.join('here', '/etc/shadow')  # absolute part discards 'here' -> '/etc/shadow'
>> path = 'here/' + '../../../../etc/shadow'  # '..' segments climb out of 'here/'
>> ```
>>
>> All of the examples in this thread are susceptible to XSS (Cross Site
>> Scripting) and CSRF (Cross-site Request Forgery). Don't feel bad; many
>> college web programming courses teach dangerous methods, too.
>>
>> XSS:
>> ```python
>> def page():
>>     # x is interpolated into the page without escaping
>>     x = """</body><script>alert('download_mining_script()')</script>"""
>>     return f'<html><body>{x}'
>> ```
>>
>> Bottle has multiple templating engines which escape user-supplied input
>> (in order to maintain a separation between data and code).
>>
>> Like XSS, SQLi is also a 'code injection' issue. pypi:Records can use
>> SQLAlchemy. Django is a great framework with a built-in ORM that also
>> escapes SQL queries.
>>
>> CSRF:
>> - X posts an XSS to site A that POSTs to site B
>> - 100 users view site A
>> - [...]
>>
>> http://bottle-utils.readthedocs.io/en/latest/csrf.html
>>
>> https://bottlepy.org/docs/dev/tutorial.html#html-form-handling
>>
>> OWASP has a lot of information on WebSec:
>>
>> OWASP Top 10
>> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
>>
>> The OWASP Vulnerable Web Applications Directory Project (VWAD)
>> https://github.com/OWASP/OWASP-VWAD
>>
>> Any program or user on the system can read and write to localhost.
>>
>>
>> On Saturday, March 31, 2018, Wes Turner <wes.turner at gmail.com> wrote:
>>>
>>> Bottle is a single file web microframework.
>>>
>>> https://github.com/bottlepy/bottle
>>> https://github.com/bottlepy/bottle/blob/master/bottle.py
>>>
>>> > Example: "Hello World" in a bottle
>>>
>>> ```python
>>> from bottle import route, run, template
>>>
>>> @route('/hello/<name>')
>>> def index(name):
>>>     return template('<b>Hello {{name}}</b>!',
>>>         name=name)
>>>
>>> run(host='localhost', port=8080)
>>> ```
>>>
>>> There are docs and every function is Ctrl-F'able within bottle.py.
>>>
>>> On Friday, March 30, 2018, kirby urner <kirby.urner at gmail.com> wrote:
>>>>
>>>>
>>>> Very interesting.  I note that free users are relegated to Python 2.7
>>>>
>>>> Server modules can be Python 3.6 (outside the free version)
>>>>
>>>> Client stuff compiles to JavaScript and is approximately 2.7
>>>>
>>>> That's a bit confusing maybe.  I try to avoid 2.7 but that's not easy.
>>>>
>>>> In my Coding with Kids work, we use Codesters.com to teach Python, which
>>>> depends on Skulpt.  Also 2.x ish.
>>>>
>>>> Kirby
>>>>
>>>>
>>>>
>>>> On Fri, Mar 30, 2018 at 11:49 AM, Jason Blum <jason.blum at gmail.com>
>>>> wrote:
>>>>>
>>>>> http://anvil.works/ is a pretty interesting approach to Python web
>>>>> applications.
>>>>>
>>>>> On Fri, Mar 30, 2018 at 2:05 PM, kirby urner <kirby.urner at gmail.com>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> Hi Aivar --
>>>>>>
>>>>>> I think it's a fine idea to write simple Python scripts that write
>>>>>> HTML files, which you may then pull up in the browser.
>>>>>>
>>>>>> There's no need to put a server behind static web pages.  So, for
>>>>>> example, I'll have my students write a page of bookmarks:
>>>>>>
>>>>>> # -*- coding: utf-8 -*-
>>>>>> """
>>>>>> Created on Wed Nov  4 18:02:30 2015
>>>>>>
>>>>>> @author: Kirby Urner
>>>>>> """
>>>>>>
>>>>>> # tuple of tuples
>>>>>> bookmarks = (
>>>>>>     ("Anaconda.org", "http://anaconda.org"),
>>>>>>     ("Python.org", "http://python.org"),
>>>>>>     ("Python Docs", "https://docs.python.org/3/"),
>>>>>>     ("Spaghetti Code", "http://c2.com/cgi/wiki?SpaghettiCode"),
>>>>>>     ("Structured Programming",
>>>>>> "http://c2.com/cgi/wiki?StructuredProgramming"),
>>>>>>     ("Map of Languages",
>>>>>> "http://archive.oreilly.com/pub/a/oreilly//news/languageposter_0504.html"),
>>>>>>     ("XKCD", "http://xkcd.com"),
>>>>>>     )
>>>>>>
>>>>>> page = '''\
>>>>>> <!DOCTYPE HTML>
>>>>>> {}
>>>>>> '''
>>>>>>
>>>>>> html = """\
>>>>>> <HTML>
>>>>>> <HEAD>
>>>>>> <TITLE>Bookmarks for Python</TITLE>
>>>>>> </HEAD>
>>>>>> <BODY>
>>>>>> <H3>Bookmarks</H3>
>>>>>> <BR />
>>>>>> <UL>
>>>>>> {}
>>>>>> </UL>
>>>>>> </BODY>
>>>>>> </HTML>
>>>>>> """.lower()
>>>>>>
>>>>>> the_body = ""
>>>>>> for place, url in bookmarks:
>>>>>>     the_body += "<li><a href='{}'>{}</a></li>\n".format(url, place)
>>>>>>
>>>>>> webpage = open("links.html", "w")
>>>>>> print(page.format(html.format(the_body)), file=webpage)
>>>>>> webpage.close()
>>>>>>
>>>>>> All you need add to your example is using print() to save to a file,
>>>>>> so the browser has something to open.
>>>>>>
>>>>>> I would not call this a "web app" yet it's instructive in showing how
>>>>>> Python can write HTML files.
>>>>>>
>>>>>> Kirby
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 28, 2018 at 12:18 AM, Aivar Annamaa <aivar.annamaa at ut.ee>
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> Let's say my students are able to write programs like this:
>>>>>>>
>>>>>>> name = input("name")
>>>>>>>
>>>>>>> if name == "Pete":
>>>>>>>     greeting = "Hi"
>>>>>>> else:
>>>>>>>     greeting = "Hello!"
>>>>>>>
>>>>>>> print(f"""
>>>>>>> <html>
>>>>>>> <body>
>>>>>>> {greeting} {name}!
>>>>>>> </body>
>>>>>>> </html>
>>>>>>> """)
>>>>>>>
>>>>>>> I'd like to allow them start writing web-apps without introducing
>>>>>>> functions first (most web-frameworks require functions).
>>>>>>>
>>>>>>> It occurred to me that it's not hard to create a wrapper, which
>>>>>>> presents this code as a web-app (input would be patched to look up GET or
>>>>>>> POST parameters with given name).
>>>>>>>
>>>>>>> This approach would allow simple debugging of the code on local
>>>>>>> machine and no extra libraries are required in this phase.
>>>>>>>
>>>>>>> Any opinions on this? Has this been tried before?
>>>>>>>
>>>>>>> best regards,
>>>>>>> Aivar
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Edu-sig mailing list
>>>>>>> Edu-sig at python.org
>>>>>>> https://mail.python.org/mailman/listinfo/edu-sig
>>>>>>>
>
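An added example, not part of the original thread or any poster's code: the two path cases and the XSS string from Wes Turner's quoted message, run through a containment check and HTML escaping using only the standard library. The names `resolve_under`, `render_greeting`, `demo` and the file `notes.txt` are assumptions made for illustration.

```python
import html
import os
import tempfile


def resolve_under(base, requested):
    """Return the real path of `requested` inside `base`, or None if it escapes."""
    base_real = os.path.realpath(base)
    # realpath collapses '..' segments and follows symlinks before the comparison,
    # and os.path.join lets an absolute `requested` replace the base entirely.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def render_greeting(name):
    """Build the page with the user-supplied value HTML-escaped."""
    safe = html.escape(name, quote=True)
    return "<html><body>Hello {}!</body></html>".format(safe)


def demo():
    """Check the thread's two path strings against a constructed directory."""
    allowed = {}
    with tempfile.TemporaryDirectory() as base:
        # constructed sample file, standing in for content meant to be served
        with open(os.path.join(base, "notes.txt"), "w") as fh:
            fh.write("public")
        for requested in ("notes.txt", "/etc/shadow", "../../../../etc/shadow"):
            allowed[requested] = resolve_under(base, requested) is not None
    return allowed


if __name__ == "__main__":
    for requested, ok in demo().items():
        print("{!r:30} served={}".format(requested, ok))
    print(render_greeting("</body><script>alert('download_mining_script()')</script>"))
```

The containment check compares resolved paths rather than string prefixes, so a sibling directory whose name merely starts with the base name is also rejected.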

