Mailing List Archive

Just browsing through the Python documentation, I also notice that it is
possible to restrict the execution of programs, similar to Java's sand
box (called a "padded cell" in Python-speak). This opens up a very
interesting possibility - namely that if the system I described in my
previous post allowed CGI scripts to run in a restricted environment,
then there would be no reason why an ISP could not allow their users to
use CGI in their webpages (at present, most ISPs won't grant CGI access
to their users due to the security nightmare that would present).

I intend to do some work on this as soon as I get time. If anyone wants
to help please email me.

Ian.

In article <37A6A2DB.9B11FB01@strs.co.uk>,
Ian Clarke <I.Clarke@strs.co.uk> wrote:
>
>Before people start pointing it out, I know this isn't the most original
>idea in the world, but if it hasn't been done for Python (and I can't
>find anything similar) then it is high time that it was.

Look into Zope at www.zope.org
--
--- Aahz (@netcom.com)

Androgynous poly kinky vanilla queer het <*> http://www.rahul.net/aahz/
Hugs and backrubs -- I break Rule 6 (if you want to know, do some research)

I.Clarke@strs.co.uk (Ian Clarke) wrote in
<37A6A2DB.9B11FB01@strs.co.uk>:

>It is to create a Python web server which automatically parses
>embedded Python in HTML (there is a Perl extension that does this
>too). So, for example, the following HTML code:
>
><HTML>
><HEAD>
><TITLE>
>{
> n = 10
> print n*2
>}
></TITLE>
></HEAD>
><BODY>
>{
> print n*3
>}
></BODY>
></HTML>
>

How would you make a web page display this message, e.g.? I think you
should at least define environments for Python code. ('<!--' etc.) Do
you know PHP3?

--
Felix Pütsch

Felix Puetsch wrote:

>> <BODY>
>> {
>> print n*3
>> }
>> </BODY>
>
> How would you make a web page display this message, e.g.? I think you
> should at least define environments for Python code. ('<!--' etc.)

I think that's what Ian tried to imply with the {} pair, I didn't perceive
his article as an implementaion, rather as an idea to be elaborated on.


//Klaus

--
···[ Magnetic Ink ]················································· ><> ···
···[. Key fingerprint: 2E37 EAED F848 815B 050A FBAA 8F68 DD66 B4B3 7EC4 ]···

Ian Clarke wrote in message <37A6A2DB.9B11FB01@strs.co.uk>...

>It is to create a Python web server which automatically parses embedded
>Python in HTML (there is a Perl extension that does this too). So, for
>example, the following HTML code:

Attached is some code I wrote for exactly this purpose. I looked into Zope
and it's DocTemplate class, but it had some restrictions that I didnt like
for my purpose. I wanted something closer to what you describe.

I stole my implementation idea from Microsoft's ASP. <% and <%= tags
delimit Python code. There is no requirement on the text outside the <%
tags, so HTML (or indeed many other things) work fine.

<%= indicates a Python expression to be evaluated and the result placed in
the output stream.
<% indicates a Python block to be executed. A "write" function can be
called by this code to insert text into the output stream.

The application provides a dictionary to this tool - this dictionary is the
"namespace" made available to the executed code. there is no support for
rexec, as I trust the users running this :-)

A special token <% #end %> is used to overcome Python's white-space in this
environment. Indentation is automatically applied to subsequent code
blocks.

Example text may be:
<% for i in range(3): %>
<%= "This is loop number %d" % i %>
<% #end %>
<% import string # Keep newline in token so not in output!
<% for word in words: %><%= word %><% #end %>

Note that the second line of the example is not indented, but magically
appears in the for loop. The <% #end %> token ends the block, meaning the
import is not indented.

Attached for your amusement.

Mark.



begin 666 doctemplate.py
M:6UP;W)T('-Y<RP@<W1R:6YG+"!T<F%C96)A8VL-"FEM<&]R="!R90T*#0IR
M94)L;V-K4W1A<G0@/2!R92YC;VUP:6QE*'(B+BHZ7',J*",N*BD_)"(I(",@
M36%T8V@@86YY=&AI;F<@96YD:6YG(&EN("(Z(BP@97AC;'5D:6YG(&-O;6UE
M;G1S+@T*9&5B=6=,979E;" ](# -"@T*9&5F($AA;F1L945X8V5P=&EO;B@I
M.@T*"70L('8L('1B(#T@<WES+F5X8U]I;F9O*"D-"@ER971U<FX@(B-%<G(@
M)7,Z("5S(B E("AT+"!V*0T*#0ID968@0VAU;FM&:6QE*&8I.@T*"6-H=6YK
M<R ](%M=#0H)9&%T82 ](&8N<F5A9"@I#0H);&%S=%!O<R ](# -"@ES=&%R
M=%!O<R ]('-T<FEN9RYF:6YD*&1A=&$L("(\)2(I#0H):6YD96YT3&5V96P@
M/2 P#0H)=VAI;&4@<W1A<G10;W,^/3 Z#0H)"65N9%!O<R ]('-T<FEN9RYF
M:6YD*&1A=&$L("(E/B(L('-T87)T4&]S*0T*"0EI9B!E;F10;W,]/2TQ.B!E
M;F10;W,@/2!L96XH9&%T82D-"@D)(R!%=F5R>71H:6YG(&9R;VT@;&%S=%!O
M<R!T;R!S=&%R=%!O<RTQ(&ES(&$@;&ET97)A; T*"0EI;F1E;G0@/2 B(" @
M("(@*B!I;F1E;G1,979E; T*"0EI9B!S=&%R=%!O<SYL87-T4&]S.@T*"0D)
M8VAU;FMS+F%P<&5N9"AI;F1E;G0@*R G=W)I=&4H)7,I(V=E;EQN)R E(&!D
M871A6VQA<W10;W,Z<W1A<G10;W-=8"D-"@D)(R!7;W)K(&]U="!W:&%T('1Y
M<&4@;V8@8VAU;FL@=&AE(&YE>'0@;VYE(&ES#0HC"0EI9" ](&1A=&%;<W1A
M<G10;W,K,CIS=&%R=%!O<RLS70T*"0EC;V1E(#T@<W1R:6YG+G-T<FEP*&1A
M=&%;<W1A<G10;W,K,CIE;F10;W-=*0T*"0EI9B!C;V1E6S!=(#T]("<])SH-
M"@D)"6-O9&4@/2!C;V1E6S$Z70T*"0D)8VAU;FMS+F%P<&5N9"AI;F1E;G0@
M*R G=W)I=&4H7U]E=F%L*"5S+"!G;&]B86QS*"DL(&QO8V%L<R@I*2E<;B<@
M)2!@8V]D96 I#0H)"65L<V4Z#0H)"0DC($-O=6QD(&)E(&%R8FET87)Y(&-H
M=6YK+"!O<B!S<&5C:6%L(&)L;V-K(&UA<FME<BX-"@D)"6EF(')E0FQO8VM3
M=&%R="YM871C:"AC;V1E+" Q*2!I<R!N;W0@3F]N93H-"@D)"0EI9B!S=')I
M;F<N;'-T<FEP*&-O9&4I6SHT72!N;W0@:6X@6R=E;'-E)RPG96QI9B==.@T*
M"0D)"0DC($ET(&ES(&$@8FQO8VL@<W1A<G0-"@D)"0D)8VAU;FMS+F%P<&5N
M9"AI;F1E;G0@*R!C;V1E("L@(EQN(BD-"@D)"0D):6YD96YT3&5V96P@/2!I
M;F1E;G1,979E;" K(#$-"@D)"0EE;'-E.@T*"0D)"0EI;F1E;G0@/2 B(" @
M("(@*B H:6YD96YT3&5V96PM,2D-"@D)"0D)8VAU;FMS+F%P<&5N9"AI;F1E
M;G0@*R!C;V1E("L@(EQN(BD-"@D)"65L<V4Z#0H)"0D):68@<W1R:6YG+FQS
M=')I<"AC;V1E*5LZ-%T]/2(C96YD(CH-"@D)"0D):6YD96YT3&5V96P@/2!I
M;F1E;G1,979E;" M(#$-"@D)"0D):6YD96YT(#T@(B @(" B("H@:6YD96YT
M3&5V96P-"@D)"0EC:'5N:W,N87!P96YD*&EN9&5N=" K(&-O9&4@*R B7&XB
M*0T*"0D)"0T*"0EL87-T4&]S(#T@96YD4&]S*S(-"@D)<W1A<G10;W,@/2!S
M=')I;F<N9FEN9"AD871A+" B/"4B+"!L87-T4&]S*0T*"2,@06YD(&5V97)Y
M=&AI;F<@=&\@=&AE(&5N9"!I<R!L:71E<F%L#0H):6YD96YT(#T@(B @(" B
M("H@:6YD96YT3&5V96P-"@EC:'5N:W,N87!P96YD*&EN9&5N=" K("=W<FET
M92@E<RDC9V5N7&XG("4@8&1A=&%;;&%S=%!O<SI=8"D-"@ER971U<FX@8VAU
M;FMS#0H-"F1E9B!?7V5V86PH(&5X<'(L(&<L(&PI.@T*"71R>3H-"@D)<F5T
M(#T@979A;"AE>'!R+"!G+"!L*0T*"0ER971U<FX@<W1R*')E="D-"@EE>&-E
M<'0Z#0H)"70L('8L('1B(#T@<WES+F5X8U]I;F9O*"D-"@D)<')I;G0@(D5X
M<')E<W-I;VX@)R5S)R!F86EL961<;B E<SH@)7,B("4@*'-T<FEN9RYS=')I
M<"AE>'!R*2P@="P@=BD-"@D):68@9&5B=6=,979E;#H-"@D)"71R86-E8F%C
M:RYP<FEN=%]E>&,H*0T*"0EI9B!T(&ES($%T=')I8G5T945R<F]R.B C(%1R
M=')I;F<N<W!L:70H97AP<BP@(BXB*0T*"0D)=')Y.@T*"0D)"69O<B!I;F1E
M;VEN*&ET96US6SII;F1E>"LQ72PB+B(I#0H)"0D)"79A;" ](&!E=F%L*&YA
M;64L(&<L(&PI8 T*"0D)"0EP<FEN=" B(" E<STE<R(@)2 H;F%M92P@=F%L
M*0T*"0D)97AC97!T.@T*(PD)"0ET<F%C96)A8VLN<')I;G1?97AC*"D-"@D)
M"0EP87-S#0H)"7)E='5R;B B(@T*#0ID968@1'5M<$-O9&4H<V]U<F-E+"!S
M=&%R=#TQ+"!E;F0].3DY*3H-"@EP<FEN=" B/2(@*B U, T*"6QI;F5N;R ]
M(# -"@EF;W(@;&EN92!I;B!S=')I;F<N<W!L:70H<V]U<F-E+")<;B(I.@T*
M"0EL:6YE;F\@/2!L:6YE;F\@*R Q#0H)"6EF(&QI;F5N;SQS=&%R=#H-"@D)
M"6-O;G1I;G5E#0H)"6EF(&QI;F5N;SYE;F0Z#0H)"0EB<F5A:PT*"0EI9B!L
M:6YE6RTT.ET]/2<C9V5N)SH-"@D)"6QO;VL](G=R:71E*"(-"@D)"6EN9&5X
M(#T@<W1R:6YG+FEN9&5X*&QI;F4L(&QO;VLI*VQE;BAL;V]K*0T*"0D)=&5X
M=" ](&QI;F5;:6YD97@Z+35=#0H)"0EI9B!L96XH=&5X="D@/B U-3H-"@D)
M"0ET97AT(#T@=&5X=%LZ,C5=("L@(BXN+B(@*R!T97AT6RTR-3I=#0H)"0EL
M:6YE(#T@;&EN95LZ:6YD97A=("L@=&5X=" K("(I(@T*"0EP<FEN=" B)3-D
M/B5S(B E("AL:6YE;F\L(&QI;F4I#0H)<')I;G0@(CTB("H@-3 -"@T*9&5F
M($5X96-U=&5496UP;&%T92@@9BP@;F%M97-P86-E+"!R97)A:7-A8FQE17AC
M97!T:6]N<R ](%M=("DZ#0H):68@;F]T(&YA;65S<&%C92YH87-?:V5Y*")?
M7V5V86PB*3H-"@D);F%M97-P86-E6R=?7V5V86PG72 ](%]?979A; T*"6-H
M=6YK<R ]($-H=6YK1FEL92AF*0T*"7-O=7)C92 ]('-T<FEN9RYR97!L86-E
M*'-T<FEN9RYJ;VEN*&-H=6YK<RP@(B(I+" B7')<;B(L(")<;B(I#0H):68@
M9&5B=6=,979E;#XQ.@T*"0E$=6UP0V]D92AS;W5R8V4I#0H)=')Y.@T*"0EC
M;V1E(#T@8V]M<&EL92AS;W5R8V4L("(\<V-R:7!T/B(L(")E>&5C(BD-"@EE
M;F%M92P@;&EN96YO+"!O9F9S970L('1E>'0I(#T@9&5T86EL<PT*"0E$=6UP
M0V]D92AS;W5R8V4L(&QI;F5N;RTU+"!L:6YE;F\K-2D-"@D)<')I;G0@(DQI
M;F4B+"!L:6YE;F\L(BP@0V]L(BP@;V9F<V5T+" B.B(L(&UE<W-A9V4-"@D)
M<F5T=7)N#0H)=')Y.@T*"0EE>&5C(&-O9&4@:6X@;F%M97-P86-E#0H)97AC
M97!T.@T*"0EI9B!S>7,N97AC7W1Y<&4@:6X@<F5R86ES86)L945X8V5P=&EO
M;G,Z#0H)"0ER86ES90T*"0EI9B!D96)U9TQE=F5L.@T*"0D)=')A8V5B86-K
M+G!R:6YT7V5X8R@I#0H)"7!R:6YT(")%>&5C=71I;VX@9F%I;&5D(@T*"0EP
M<FEN=" B)7,Z("5S(B E("AS>7,N97AC7VEN9F\H*5LP72P@<WES+F5X8U]I
M;F9O*"E;,5TI#0H-"@T*=&5S=" ]("(B(EP-"CPE(&9O<B!I(&EN(')A;F=E
M*#,I.B E/CPE<')I;G0@:24^/"4C96YD)3X-"DQI=&5R86P\)2!I;7!O<G0@
M<W1R:6YG( T*)3X\)3T@9F]O( T*)3X\)2!W;W)D<R ]('-T<FEN9RYS<&QI
M="@B:&D@=&AE<F4B*2 -"B4^/"4@9F]R('=O<F0@:6X@=V]R9',Z("4^/"4]
M('=O<F0@#0HE/CPE("-E;F0@#0HE/DQA<W0@3&ET97)A; T*/"4@:68@9FQA
M9SH@)3Y)=',@=')U93PE(&5L<V4Z("4^271S(&9A;'-E/"4C96YD)3X-"B(B
M(@T*:68@7U]N86UE7U\]/2=?7VUA:6Y?7R<Z#0H)9&5B=6=,979E;#TR#0H)
M:6UP;W)T(&-3=')I;F=)3PT*"61I8W0@/2![?0T*"61I8W1;)V9O;R==(#T@
M)V9O;R!W87,@:&5R92<-"@ED:6-T6R=F;&%G)UT@/2 Q#0H)9&EC=%LG=W)I
M=&4G72 ]('-Y<RYS=&1O=70N=W)I=&4-"@E%>&5C=71E5&5M<&QA=&4H8U-T
><FEN9TE/+E-T<FEN9TE/*'1E<W0I+"!D:6-T*0T*
`
end

> How would you make a web page display this message, e.g.? I think you
> should at least define environments for Python code.

That is what the {}s are for.

> Do you know PHP3?

I did take a look at it, and it does do something similar, but:

A - PHP is not Python, and we all know that Python is the best language
in the world ;-)
B - There doesn't appear to be any facilities for web page caching
C - It is alot larger than the system I am proposing

Ian.

--
Remove the "NOSPAM." from my email address before replying.

Ian Clarke wrote:

> I am presently working on a CGI based system in Python, and the
> experience gave me an idea for a simple Python program, I would
> appreciate any comments (such as "don't bother, it's been done" or
> "sure, I have loads of spare time, I will do it and release it under the
> GPL").

I'm not going to say either of those! I have done it, although I'm not
terribly happy with the results so far and it's on the back burner for
the moment .... I need to figure out if it's still useful in a Zope
world - which means I have to learn and understand Zope!

> It is to create a Python web server which automatically parses embedded
> Python in HTML (there is a Perl extension that does this too). So, for
> example, the following HTML code:

I embed the python fragments in HTML comment blocks for the sake of
my HTML editor tools which would otherwise feel very sad ...

I've also set it up (at least in one version) so that the python can
generate
http headers at the start as well .... or they can be embedded in the
templates.

> Internally, operation of the system would be simple. The HTML page with
> embedded python would first be converted to a python file (by having a
> print statement output the HTML between the embedded python), this could
> then be compiled for efficiency as when normal files are executed. The
> web server would then parse these files when requested (using an
> appropriately neat method to allow access to CGI variables and Cookies
> and the like from within the embedded HTML). This would lead to a speed
> improvement in that the Python interpreter need not be launched every
> time. The efficiency could be further improved by caching the compiled
> python files in memory.

Yup! All there (minus "appropriately neat": more "rather nasty" for now I'm
afraid)

> Cool facilities could also be implemented which sit ontop of the base
> CGI and Cookie layers to emulate a "per-user" memory. This would allow
> a dictionary to be stored only to be retrieved the next time this user
> accesses the site (this would be achieved using cookies and storing
> information locally with a cookie-style self destruct). Similarly, a
> "per-session" memory could be implemented, making it much easier to
> transfer information (such as a username and password) from one page to
> the next.

Hhmm! Didn't tackle this sort of thing yet !

Also I haven't yet dealt with putting the python into rexec for execution-
but this is only needed if a web master wants to give their clients access
to
these facilities as opposed to doing things themselves.

Things I'm not happy with:

* indenting of the python bits versus the HTML bits doesn't mesh
very well

* the base server that I use is a threaded version of SimpleHTTP and I seem
to have occasional problems with the thing hanging ... don't know why
and haven't time to look into it just now

* I haven't figured how many security holes this might open ...

* there aren't any database "adapters" yet -- I just use background
threads with an in memory database shelved to flat files when
written to. Locking between threads is there though to allow
this to be done safely ... Gadfly would not be a difficult step!

* basically it isn't anywhere near finished

* there are no good examples in the package yet

Having said that I have a couple of small sites where the thing is running
happily
with low load levels. Runs on NT/95 and BSD OS3 as of today. Used to run
on an very old RedHat linux but hasn't been tested there in a while!

I'll upload the thing to my starship account when I get home tonight just
in case anyone is interested!! I'll get back tomorrow with a URL.

Nigel.

nhead@houbits.com, nhead@esoc.esa.de

> Look into Zope at www.zope.org

Again, the point with the system I propose is that it allows the
embedding of >>Python<< code, which is (I assume!) a language we all
know and love, but not only that, it allows the resulting system to be
more efficient than most CGI based solutions. There is a very similar
utility for Perl, and VB for that matter. Consequently I don't claim
that embedding code in a web-page for server-side execution is an
original idea, I am merely suggesting that we do it for Python.

The thing is that I have always been dissatisfied with current methods
of incorporating CGI into webpages. The bog-standard method where the
web server loads the Perl or Python interpretor, feeds the script to it,
and serves the output of the script is way too slow. The process of
actually modifying Apache (using mod perl or mod python) strikes me as a
kludge. I think it is much better to decide on your language, and go
for a specific web server that supports it, rather than go for a generic
web server that supports a whole load of features you don't want.

Ian.

kas@maps.magnetic-ink.dk (Klaus Alexander Seistrup) wrote in
<slrn7qec6g.oet.kas@titan.magnetic-ink.dk>:

>Felix Puetsch wrote:
>
>>> <BODY>
>>> {
>>> print n*3
>>> }
>>> </BODY>
>>
>> How would you make a web page display this message, e.g.? I think
>> you should at least define environments for Python code. ('<!--'
>> etc.)
>
>I think that's what Ian tried to imply with the {} pair
Still rests the question how to print {...} on a web page.

>I didn't
>perceive his article as an implementaion, rather as an idea to be
>elaborated on.
Okay, you're right.

--
Felix Pütsch

Nigel Head <nhead@houbits.com> wrote:
> Ian Clarke wrote:

>> I am presently working on a CGI based system in Python, and the
>> experience gave me an idea for a simple Python program, I would
>> appreciate any comments (such as "don't bother, it's been done" or
>> "sure, I have loads of spare time, I will do it and release it under the
>> GPL").

> I'm not going to say either of those! I have done it, although I'm not
> terribly happy with the results so far and it's on the back burner for
> the moment .... I need to figure out if it's still useful in a Zope
> world - which means I have to learn and understand Zope!

In the Zope world, the idea is to separate layout/HTML from programming
logic as much as possible so that both can be developed and maintained
independently. For HTML and such Zope has DTML. DTML is a simple language
of tags that can be embedded in HTML, so you can do for instance:
(Zope2 syntax)

<p>My web page</p>
<dtml-if foo>
<p>Foo too!</p>
</dtml-if>

You can also use Python expressions inside DTML, which is sometimes
very handy. These Python expressions are secure; they have to be so,
because you can change DTML from a web management interface, and a normal
Zope user shouldn't be able to screw up the server or the Zope database.

For instance you can loop over a sequence like this:

<ul>
<dtml-in "[1, 2, 3, 4, 5]">
<li><dtml-var sequence-item></li>
</dtml-in>
</ul>

Zope also allows you to extend it using Python. The disadvantage is that
currently can't happen through the web management interface -- a Zope
'external method' (in Python) can do anything at all to the Zope database
and is not restricted by security, so that it's not a good idea to let
it be editable through the web.

[snip]
> Also I haven't yet dealt with putting the python into rexec for execution-
> but this is only needed if a web master wants to give their clients access
> to
> these facilities as opposed to doing things themselves.

There has been some vague idea floating around in the Zope community to
come up with a Python Method that *can* be edited through Zope's web
management interface. It should have the right security machinery, of course.
The Zope philosophy is to keep Python code and HTML separate as much as
possible, but even then a *programmer* will find Python methods very
useful, and in special cases it'll be useful to mix them all anyway.

So it might be nice if you folks figured out a way to include this kind
of functionality in Zope. That would at least be ideal for _me_, as I use
Zope. The tricky bit would be delving deep into Zope to make it all work. :)

Regards,

Martijn

#Simple but working

import re

class Response:
def __init__(self):
self.HTMLDocument=''
def write(self,adata):
self.HTMLDocument=self.HTMLDocument+adata

def GetTextAsHTMLText(s,repldict={}):
for akey in repldict.keys():
c=re.compile('\<\%\= *'+akey+' *\%\>', re.I)
s=c.sub(repldict[akey],s)
c=re.compile('\<\%', re.I)
s=c.sub('""")',s)
c=re.compile('\%\>', re.I)
s=c.sub('Response.write("""',s)
s='Response.write("""'+s+'""")'
aresponse=Response()
gdict={'Response':aresponse}
exec s in gdict,repldict
return aresponse.HTMLDocument

def DoTest():
ahtmlsource=r"""
<HTML>
<BODY>
<%
Response.write('<h1>'+ScriptName+'</h1>\n')
Response.write('<table>')
x=0
while x<10:
s='<tr><td>%s</td><td>%s</td></tr>\n'%('d1_'+`x`,'d2_'+`x`)
Response.write(s)
x=x+1
Response.write('</table>')
%>
<p>
<%
for i in range(10):
Response.write(`i`+',')
Response.write('<br>')
%>
Test line 1 = <%= Test1 %>
Test line 2 = <%=Test2%>
</p>
</BODY></HTML>
"""
adict={'Test1':'this is page constant','Test2':'another
constant','ScriptName':'This is script name'}
s=GetTextAsHTMLText(ahtmlsource,adict)
print s

if __name__=='__main__':
DoTest()

# Rafal Smotrzyk

> I'm not going to say either of those! I have done it, although I'm not
> terribly happy with the results so far and it's on the back burner for
> the moment .... I need to figure out if it's still useful in a Zope
> world - which means I have to learn and understand Zope!

Yes, I am in the same situation. It sounds from a user interface point
of view, that Zope can do Python embedding easily, so then the question
becomes whether this idea would be more efficient than Zope (in terms of
page generation, AND simplicity of deployment).

> I embed the python fragments in HTML comment blocks for the sake of
> my HTML editor tools which would otherwise feel very sad ...

Well, I wanted to allow the editing of Python code blocks from within
the HTML editor (that would prevent any kind of autoindentation).

> I've also set it up (at least in one version) so that the python can
> generate http headers at the start as well .... or they can be embedded in
> the templates.

Cool!

> Yup! All there (minus "appropriately neat": more "rather nasty" for now I'm
> afraid)

I thought that the CGI variables could be directly translated into local
variables and accessed like that, or possibly just turned into a
dictionary called 'cgi'.

> Also I haven't yet dealt with putting the python into rexec for execution-
> but this is only needed if a web master wants to give their clients access
> to these facilities as opposed to doing things themselves.

I think this would be a very nice feature as it would mean that ISPs
could grant CGI access to their users (provided their users are willing
to learn Python - and what language could be easier to learn?) without
raising any security concerns.

> * indenting of the python bits versus the HTML bits doesn't mesh
> very well

Yes. We look into writing indentation modes for Emacs, and combining
HTML and Python modes in some way.

> * the base server that I use is a threaded version of SimpleHTTP and I seem
> to have occasional problems with the thing hanging ... don't know why
> and haven't time to look into it just now

Peculiar, if the problem could be replicated then we could get whoever
wrote SimpleHTTP on the case.

> * I haven't figured how many security holes this might open ...

Hopefully none if we execute the Python scripts in a "padded cell".

> I'll upload the thing to my starship account when I get home tonight just
> in case anyone is interested!! I'll get back tomorrow with a URL.

I look forward to taking a look. Are you willing to release the code
under the GPL?

Ian.

--
Remove the "NOSPAM." from my email address before replying.

In article <37AA804D.9A1317C0@houbits.com> nhead@houbits.com "Nigel Head" writes:
> There's no licence statement in the distribution at all for now --
> my intention is that anyone can use the contents anyway they want,
> for non-commercial purposes, providing they keep a reference to the
> original source. Oh yes, and I can't take any responsibility for errors.
>
> Perhaps one of you experienced people can offer some quick advice as to what I
> need to do -- do I need to just add a licence.txt file or must I add a header
> to every file? What standard text can I use? Is my intent compatible with the
> GPL?

No. The GPL allows anyone to use the software, for commercial or
non-commercial purposes. However, if they distribute the software,
they must include all source code, including all source code they
write which is linked to the software.

The license that you want is something like the BSD license except that
it forbids commercial use.

--
Phil Hunt....philh@vision25.demon.co.uk

On Sun, 08 Aug 99 12:31:22 GMT, philh@vision25.demon.co.uk (Phil Hunt)
wrote:

>In article <37AA804D.9A1317C0@houbits.com> nhead@houbits.com "Nigel Head" writes:
>> There's no licence statement in the distribution at all for now --
>> my intention is that anyone can use the contents anyway they want,
>> for non-commercial purposes, providing they keep a reference to the
>> original source. Oh yes, and I can't take any responsibility for errors.
>>
>> Perhaps one of you experienced people can offer some quick advice as to what I
>> need to do -- do I need to just add a licence.txt file or must I add a header
>> to every file? What standard text can I use? Is my intent compatible with the
>> GPL?
This post raised some concerns for me since i have a Python extension
that i was going to add to our latest product release. The product is
not written in Python, nor does it require Python to be running and
the extension is there because i thought it was cool. However, i have
to ask whether it is legal to retain this functionality.
>
>No. The GPL allows anyone to use the software, for commercial or
>non-commercial purposes. However, if they distribute the software,
>they must include all source code, including all source code they
>write which is linked to the software.
>
I don't understand this. What is "the software"? As far as i can tell,
if the software is distributed in binary format (say as a DLL on
Windoze boxes) then it can be distributed freely with no conditions.
I've written an extension to a vehicle tracking product that we
produce that offers a scripting interface. I'm not sure if anyone will
use this, but i certainly can't distribute it if i have to distribute
the Python source. Added to which, i don't want to distribute my
source (except to selected folk) as i don't need the support grief.

>The license that you want is something like the BSD license except that
>it forbids commercial use.

I can't forbid commercial use. This was why i chose Python. I have no
idea if people can or will make money on my interface. If Python
imposes commercial limitations then i'll have to drop it, pissed-ly,
since i spent quite a bit of time writing an extension, but that's the
way it goes.

So, can somebody tell me if i can ship the Python Bits and my own DLL
to anybody to use in any way they desire? No fairly otherwise eh?

phil.
>
>--
>Phil Hunt....philh@vision25.demon.co.uk
>

phil <phil@ricochet.net> wrote:
[snip discussion of licenses, GPL, etc]
> I can't forbid commercial use. This was why i chose Python. I have no
> idea if people can or will make money on my interface. If Python
> imposes commercial limitations then i'll have to drop it, pissed-ly,
> since i spent quite a bit of time writing an extension, but that's the
> way it goes.

I'm confused. Perhaps you're under the impression Python is distributed
under the GPL? It's not; it's distributed under its own license which
(read it) basically allows you to do anything you like with it, commercial
or not.

The GPL allows any use and modifications, as long as you supply the source
code of your modifications, also GPL-ed. And if you base your work on a
GPL-ed library the intent of the GPL is that you GPL your work as well.
By this means GPL-ed code tries to 'infect' anything that uses it (note that
the output of GPL-ed software can still be used freely, such as in the case
of the gcc compiler). The 'LGPL' (library GPL or these days 'lesser GPL')
is more liberal in the sense that non GPL code can use it without having to
be GPL itself.

All this is however not applicable to Python (though it may be to some
extension libraries), as Python does not come with a GPL license.

There are advantages to the GPL and the non GPL ways to open source code;
the GPL tends to safeguard against code splits and enhancements not making
it to the general public, while the BSD-style licenses (is the Python
license one in the practical usage sense?) allow practically any use, which
allows some enhancements to remain private, but also makes it easier for
companies to work with Python; companies which may eventually contribute
a lot to Python and open source software in general. One Pythonic example of
such a company is Digital Creations, which open sourced a lot of Python
code before it finally went all the way in open sourcing their Zope
framework. It would be hard to imagine something like this if Python was
covered by the GPL, though the GPL has its own famous examples (like Cygnus
for gcc).

License-pundit-for-5-minutes-ly yours,

Martijn

Actually, having thought and done some research I feel like going for the Artistic
License for any future stuff I may distribute. It doesn't prescribe commercial use
but I've decided that was a Wrong Thing to want to do anyway. It does disallow
selling the software (as opposed to using it commercially) which is what I really
meant to say; apart from that it's Open Source certified and I can actually
understand it -- as opposed to the GPL which reads too legalese for my small brain!

I assume that, given the conditions, one file of "license.txt" in any package is
enough? No need for headers etc.

Thanks for the advice,
Nigel.

I wrote:

> There's no licence statement in the distribution at all for now -- my intention
> is that anyone can use the contents anyway they want, for non-commercial
> purposes, providing they keep a reference to the original source. Oh yes, and I
> can't take any responsibility for errors.

Nigel Head <nhead@houbits.com> writes:

> Actually, having thought and done some research I feel like going for
> the Artistic License for any future stuff I may distribute. It doesn't
> prescribe commercial use but I've decided that was a Wrong Thing to
> want to do anyway. It does disallow selling the software (as opposed
> to using it commercially) which is what I really meant to say; apart
> from that it's Open Source certified and I can actually understand it
> -- as opposed to the GPL which reads too legalese for my small brain!

Well really, anything that is covered by the OSD _does_ allow selling
in some circumstances, which is what the Artistic license does in
section five.

If I decide that $100 is a reasonable copying fee, and whoever I sell
it to agrees or is convinced by my marketing, I can "sell" it for
$100. (See the definitions. Note that I don't have to justify to you
what I sell it for.) Or I can use it in a $1000 package and sell
that, under section 8, as long as it isn't obvious I'm using your
software!

The Debian Free Software Guidelines, which the OSD is mostly based on,
assume that a collection of Free Software can be sold for as much as
anyone will pay. If you try to stop anyone from selling your software
at all, it *won't* be Open Source.

--
Carey Evans http://home.clear.net.nz/pages/c.evans/

"This is where your sanity gives in..."

Carey Evans wrote:

> If I decide that $100 is a reasonable copying fee, and whoever I sell
> it to agrees or is convinced by my marketing, I can "sell" it for
> $100. (See the definitions. Note that I don't have to justify to you
> what I sell it for.)

No probs - you're selling my package, with my name on it! Credit and future
enquiries come to me (possibly!).

> Or I can use it in a $1000 package and sell
> that, under section 8, as long as it isn't obvious I'm using your
> software!

Also no problems with that from my side.

I guess what would really bug me is for people to hijack the package, remove
original credits and resell straight with no added value of their own. I
think that should be disallowed; that's all!

Nigel.

Nigel Head wrote:
[licensing...]

> I guess what would really bug me is for people to hijack the
> package, remove original credits and resell straight with no added
> value of their own. I think that should be disallowed; that's all!

That's disallowed by copyright law, which is how violators get
prosecuted anyway, not under these silly "my license is trickier than
yours" clauses.

- Gordon

On 9 Aug 1999 09:13:30 GMT, m.faassen@vet.uu.nl (Martijn Faassen)
wrote:

>phil <phil@ricochet.net> wrote:
>[snip discussion of licenses, GPL, etc]
>> I can't forbid commercial use. This was why i chose Python. I have no
>> idea if people can or will make money on my interface. If Python
>> imposes commercial limitations then i'll have to drop it, pissed-ly,
>> since i spent quite a bit of time writing an extension, but that's the
>> way it goes.
>
>I'm confused. Perhaps you're under the impression Python is distributed
>under the GPL? It's not; it's distributed under its own license which
>(read it) basically allows you to do anything you like with it, commercial
>or not.
<snip very interesting licence discussion>

Thanks. I was confused. I'd read the Python licence and it was
completely open. The 'GPL' threw me and i was concerned that things
were a-changing.

Less confused-ly yours,

phil

>
>License-pundit-for-5-minutes-ly yours,
>
>Martijn