Web Site Security With repoze.who and repoze.what

This article first appeared in the May 2009 issue of Python Magazine and has been slightly updated. The contents of the article are only applicable to repoze.who 1.0 and repoze.what 1.0, not to repoze.who 2 and repoze.what 1.1, which are under development as of this writing.

Have you ever created a Web application? If so, it’s very likely that you have at one time or another faced “the security problem”: whether to create and maintain a homegrown security sub-system, or to learn to use framework-specific security mechanisms (which may not be as flexible as you wish).

Securing Web applications shouldn’t be a problem. This article explores a highly extensible alternative which you can learn once and use in arbitrary applications, regardless of the Web framework used (if any!).

Koren’s SVD++ Python Implementation

I recently had to implement a recommender system for the Netflix Prize. Out of the best known models, I chose Yehuda Koren’s SVD++ model as published in the paper entitled “Factorization Meets the Neighborhood: a Multifaceted Collaborative Filtering Model” (the version that doesn’t take into account temporal effects; I’d have implemented the complete model, but couldn’t due to time constraints).

I named this Python-based project “wooflix” and you can download it from code.gustavonarea.net. It ships with a command-line interface and basic documentation, including the design document.

It’s the first project, as far as I know, that uses Booleano. With it, you can get random movie recommendations and filter them, like this:

# Get 5 movie recommendations for user #7, at least those published after 2001
wooflix recommendations 7 --max="5" --filter="movie:year > 2001"

Keep in mind that I won’t offer support for it; I’m publishing it because I thought it might be useful for some people, but I have no intention of working on it in the future.

Announcing Booleano

I am proud to announce the first alpha release of Booleano, a Python-based interpreter of boolean expressions:

Booleano is an interpreter of boolean expressions, a library to define and run filters available as text (e.g., in a natural language) or in Python code.

In order to handle text-based filters, Booleano ships with a fully-featured parser whose grammar is adaptive: Its properties can be overridden using simple configuration directives.

On the other hand, the library exposes a pythonic API for filters written in pure Python. These filters are particularly useful to build reusable conditions from objects provided by a third party library.

It’s been designed to address the following use cases:

  1. Convert text-based conditions: When you need to turn a condition available as plain text into something else (i.e., another filter).
  2. Evaluate text-based conditions: When you have a condition available as plain text and need to iterate over items in order to filter out those for which the evaluation of the condition is not successful.
  3. Evaluate Python-based conditions: When you have a condition represented by a Python object (nothing to be parsed) and need to iterate over items in order to filter out those for which the evaluation of the condition is not successful.

It is a project I found necessary while working on repoze.what 2, which I’ve been developing for the last few months in my spare time. This release is absolutely usable, but lacks documentation because I needed this release out for a (small) project I need to work on ASAP (it will depend on Booleano). The next release will ship with nice documentation, I promise.

Enable LDAP authentication in your WSGI applications!

repoze.who.plugins.ldap is a straightforward yet powerful solution to enable LDAP authentication in your WSGI application. It enables you to have LDAP authentication working in your new or existing applications, in a few minutes and with a few lines of code!

It’s a plugin for the repoze.who framework, featuring not only an LDAP authenticator, but also related utilities. It’s a fully documented project which also ships with a working demo application, so it’d be hard for you to get stuck.

I wrote this plugin in order to enable LDAP authentication in Animador. And in fact, it’s the first application that uses the plugin.

The latest version is 1.0, and you’re highly encouraged to play with it and give feedback!

Visit its website for more information!