I know it's kinda subjective but, if you were to put yourself in my shoes which would you invest the time in learning?
我知道这有点主观但是,如果你把自己放在我的鞋子里,你会花时间学习吗?
I want to write a web app which deals securely with relatively modest amounts of peoples private data, a few thousand records of a few Kb each but stuff that needs to be kept safe, addresses, phone numbers etc. I've done several web projects in PHP/MYSQL and have decided, handy though it is I really don't like PHP and don't want to do another large project in it...
我想写一个网络应用程序,安全地处理相对适度数量的人民私人数据,几千KB的记录,但需要保持安全的东西,地址,电话号码等。我做了几个网络项目在PHP / MYSQL和已经决定,虽然它是我真的不喜欢PHP,并且不想在其中做另一个大项目...
As such I figure I'd best learn something new and so I am considering 2 options (although I'll happily entertain others if you have suggestions). I'm having terrible trouble deciding though. They both look quite involved so rather than just jump in and potentially waste days getting up to speed enough on both of them to make an informed choice I thought I'd come here and canvas some opinion.
因此,我认为我最好学习一些新的东西,所以我正在考虑两种选择(尽管如果你有建议,我会愉快地招待其他人)。不过我决定遇到很麻烦。他们看起来都非常参与,而不是只是跳进去,可能浪费几天时间来加快他们两个人的速度以做出明智的选择我以为我会来这里并画出一些意见。
So the two options I'm considering are...
所以我正在考虑的两个选项是......
One of the PYTHON Web frameworks - TurboGears seems well regarded? Advantage: Of all the languages I ever tried Python is by far and away my favorite. There's loads of frameworks to choose from and I have done quite a lot of non web python coding over the last few years. Disadvantage: There's loads to choose from so it's hard to pick! Need to run single server process? or mod_python? which I don't like the sound of. What I do like is the notion of process separation and compartmentalization, i.e. if one users account is compromised it gives an attacker no leverage against the rest of the system. I'm not clear to what extent a python solution would handle that.
其中一个PYTHON Web框架 - TurboGears似乎受到好评?优势:在我尝试过的所有语言中,Python是我最喜欢的。有很多框架可供选择,过去几年我做了很多非网络python编码。缺点:有可供选择的负载,所以很难选择!需要运行单服务器进程吗?还是mod_python?我不喜欢的声音。我喜欢的是进程分离和分区的概念,即如果一个用户帐户遭到破坏,它就会使攻击者无法利用系统的其余部分。我不清楚python解决方案将在多大程度上处理它。
Writing it as a SEASIDE app Which I guess runs on a squeak app server? Adv: From what I've heard it would permit good compartmentalization of users as each would have their own little private VM independent of all the systems other users which sounds wonderful from a security, scaling and redundancy standpoint. Dis: I've not done any Smalltalk since Uni 15 years back and I never dug too deep into it then. I don't see much entry level help for seaside or that many projects using it. I suspect setting a server up to run it is hard for the same reason i.e. not because it's inherently hard but just cause there will be less help online and a presumption you are already rather au fait with Sqeak/Smalltalk.
把它写成一个SEASIDE应用程序我想在吱吱作响的应用程序服务器上运行?高级:从我所听到的,它将允许用户进行良好的划分,因为每个用户都拥有自己的小型私有虚拟机,独立于其他用户,从安全性,扩展和冗余的角度来看,这听起来很棒。 Dis:自从15年前的Uni以来我没有做过任何Smalltalk,我从来没有深入挖掘它。我没有看到海边或许多使用它的项目的入门级帮助。我怀疑设置一台服务器是因为同样的原因很难运行它,即不是因为它本来就很难但只是因为在网上会有较少的帮助而且假设你已经相当不自觉地使用Sqeak / Smalltalk。
So, what do people think? Would I be able to efficiently get the kind of strong separation and compartmentalization I'm after with a Python framework? Is Seaside as good as I think in terms of insulating users from each other? Might I be better off, security wise, sticking to the languages I'm most familiar with so I don't make any n00b mistakes or will Seaside be worth worth scaling the learning curve and prove more secure, comprehensible and maintainable in the long run? At the end of the day it's not a life or death decision and I can always bail if I start with one and then hate it so pls nobody get all holy language war and start flaming anyone! ;-)
那么,人们怎么想?我是否能够有效地获得我在Python框架之后的强大分离和区分化?就使彼此隔离用户而言,Seaside和我想的一样好吗?可能我会变得更好,安全明智,坚持我最熟悉的语言,所以我不会犯任何n00b错误,或者Seaside值得扩展学习曲线并证明从长远来看更安全,可理解和可维护?在一天结束时,这不是一个生死攸关的决定,如果我从一个开始然后讨厌它,我总能保释,所以没有人得到所有的圣语战争,并开始燃烧任何人! ;-)
Cheers for any replies this gets,
为此获得的任何回复欢呼,
Roger :)
9 个解决方案
#1
Disclaimer: I really don't like PHP, Python is nice, but doesn't come close to Smalltalk in my book. But I am a biased Smalltalker. Some answers about Seaside/Squeak:
免责声明:我真的不喜欢PHP,Python很不错,但在我的书中并没有接近Smalltalk。但我是一个有偏见的Smalltalker。关于Seaside / Squeak的一些答案:
Q: Which I guess runs on a squeak app server?
问:我猜想在吱吱作响的应用服务器上运行?
Seaside runs in several different Smalltalks (VW, Gemstone, Squeak etc). The term "app server" is not really used in Smalltalk country. :)
海边有几种不同的小号(大众,宝石,吱吱声等)。术语“app server”并未真正用于Smalltalk国家/地区。 :)
Q: From what I've heard it would permit good compartmentalization of users as each would have their own little private VM independent of all the systems other users which sounds wonderful from a security, scaling and redundancy standpoint.
问:据我所知,它将允许用户进行良好的划分,因为每个用户都拥有自己的小型私有虚拟机,独立于其他用户,从安全性,扩展和冗余的角度来看,这听起来很棒。
Yes, each user has its own WASession and all UI components the user sees are instances living on the server side in that session. So sharing of state between sessions is something you must do explicitly, typically through a db.
是的,每个用户都有自己的WASession,用户看到的所有UI组件都是该会话中服务器端的实例。因此,您必须明确地在会话之间共享状态,通常通过数据库。
Q: I've not done any Smalltalk since Uni 15 years back and I never dug too deep into it then. I don't see much entry level help for seaside or that many projects using it.
问:自从15年前的Uni以来,我没有做过任何Smalltalk,我从来没有深入挖掘它。我没有看到海边或许多使用它的项目的入门级帮助。
Smalltalk is easy to get going with and there is a whole free online book on Seaside.
Smalltalk很容易上手,在Seaside上有一本完整的免费在线书籍。
Q: I suspect setting a server up to run it is hard for the same reason i.e. not because it's inherently hard but just cause there will be less help online and a presumption you are already rather au fait with Sqeak/Smalltalk.
问:我怀疑设置一台服务器是因为同样的原因很难运行,即不是因为它本身很难但只是因为在网上会有较少的帮助而且假设你已经相当不满Sqeak / Smalltalk。
No, not hard. :) In fact, quite trivial. Tons of help - Seaside ml, IRC on freenode, etc.
不,不难。 :)其实很琐碎。大量的帮助 - 海边ml,freenode上的IRC等
Q: Is Seaside as good as I think in terms of insulating users from each other?
问:在保护用户彼此方面,海边是否像我想的那样好?
I would say so.
我会这么说的。
Q: Might I be better off, security wise, sticking to the languages I'm most familiar with so I don't make any n00b mistakes or will Seaside be worth worth scaling the learning curve and prove more secure, comprehensible and maintainable in the long run?
问:我可能会变得更好,安全明智,坚持我最熟悉的语言,所以我不会犯任何n00b错误,或者Seaside值得扩大学习曲线并证明更安全,可理解和可维护长跑?
The killer argument in favor of Seaside IMHO is the true component model. It really, really makes it wonderful for complex UIs and maintenance. If you are afraid of learning "something different" (but then you wouldn't even consider it in the first place I guess) then I would warn you. But if you are not afraid then you will probably love it.
支持Seaside IMHO的杀手论证是真正的组件模型。它确实非常适合复杂的UI和维护。如果你害怕学习“不同的东西”(但那时我甚至不会考虑它),那么我会警告你。但如果你不害怕,那么你可能会喜欢它。
Also - Squeak (or VW) is a truly awesome development environment - debugging live Seaside sessions, changing code in the debugger and resuming etc etc. It rocks.
此外 - Squeak(或大众)是一个真正令人敬畏的开发环境 - 调试实时的Seaside会话,更改调试器中的代码和恢复等等。它摇滚。
#2
Forget about mod_python, there is WSGI.
忘记mod_python,有WSGI。
I'd recommend Django. It runs on any WSGI server, there are a lot to choose from. There is mod_wsgi for Apache, wsgiref - reference implementation included in Python and many more. Also Google App Engine is WSGI, and includes Django.
我推荐Django。它可以在任何WSGI服务器上运行,有很多可供选择。有针对Apache的mod_wsgi,wsgiref - Python中包含的参考实现等等。 Google App Engine也是WSGI,包括Django。
Django is very popular and it's community is rapidly growing.
Django非常受欢迎,它的社区正在迅速发展。
#3
I'd say take a look at Django. It's a Python framework with a ready-made authentication system that's independent of the hosting OS, which means that compromises are limited to the app that was compromised (barring some exploit against the web server hosting the Python process).
我想说看看Django。它是一个Python框架,带有现成的身份验证系统,独立于托管操作系统,这意味着妥协仅限于受到攻击的应用程序(除非对托管Python进程的Web服务器进行一些利用)。
#4
I've been getting into seaside myself but in many ways it is very hard to get started, which has nothing to do with the smalltalk which can be picked up extremely quickly. The challenge is that you are really protected from writing html directly.
我自己一直在海边,但在很多方面它很难开始,这与可以非常快速地拾取的smalltalk无关。挑战在于您确实无法直接编写html。
I find in most frameworks when you get stuck on how to do something there is always a work around of solving it by using the template. You may later discover that this solution causes problems with clarity down the road and there is in fact a better solutions built into the framework but you were able to move on from that problem until you learned the right way to do it.
我发现在大多数框架中,当你遇到如何做某事时总是会通过使用模板来解决它。您可能稍后发现此解决方案会导致问题清晰,并且事实上在框架中内置了更好的解决方案,但您可以从该问题继续前进,直到您学会了正确的方法。
Seaside doesn't have templates so you don't get that crutch. No problems have permanently stumped me but some have taken me longer to solve than I would have liked. The flip side of this is you end up learning the seaside methodology much quicker because you can't cheat.
Seaside没有模板,所以你没有那个拐杖。没有任何问题永久地困扰我,但有些人花了我更长的时间来解决,而不是我想要的。另一方面,你最终会更快地学习海边方法,因为你不能作弊。
If you decide to go the seaside route don't be afraid to post to the seaside mailing list at squeakfoundation.org. I found it intimidating at first because you don't see a lot of beginner questions there due to the low traffic but people are willing to help beginners there.
如果您决定前往海边路线,请不要害怕发布到squeakfoundation.org的海边邮件列表。起初我觉得它很吓人,因为你没有看到很多初学者的问题,因为交通量很低,但人们愿意帮助那里的初学者。
Also there are a handful of seaside developers who monitor * regularly. Good luck.
还有一些海边开发人员定期监控*。祝好运。
#5
Have you taken a look at www.nagare.org ?
你看过www.nagare.org了吗?
A framework particularly for web apps rather than web sites.
一个特别适用于Web应用程序而非网站的框架。
It is based around the Seaside concepts but you program in Python (nagare deploys a distribution of python called Stackless Python to get the continuations working).
它基于Seaside概念,但您使用Python编程(nagare部署了一个名为Stackless Python的python发行版,以使延续工作)。
Like Seaside it will auto generate HTML, but additionally can use templates as required.
与Seaside一样,它会自动生成HTML,但也可以根据需要使用模板。
It has been recently open sourced by http://www.net-ng.com/ who themselves have many years experience in delivering web apps/sites in quality web frameworks like zope and plone.
它最近由http://www.net-ng.com/开源,他们自己在zope和plone等高质量Web框架中提供Web应用程序/站点方面拥有多年经验。
I am researching it myself at the moment to see if it fits my needs, so can't tell you what I think of it in the wild. If you take a look, please give your feedback.
我现在正在研究它是否符合我的需求,所以无法告诉你我在野外的想法。如果您看一下,请提供反馈。
#6
While considering a Smalltalk web framework, look at Aida/Web as well. Aida has built-in security with user/group/role management and strong access control, which can help you a lot in your case. That way you can achieve safe enough separation of users at the user level in one image. But if you really want, you can separate them with running many images as well. But this brings increased maintenance and I'd think twice if it is worth.
在考虑使用Smalltalk Web框架时,请查看Aida / Web。 Aida具有内置的安全性,具有用户/组/角色管理和强大的访问控制功能,可以为您提供很多帮助。这样,您就可以在一个图像中实现用户级别用户的足够安全分离。但如果你真的想要,你也可以通过运行许多图像来分离它们。但这会增加维护,如果值得,我会三思而行。
#7
I'm toying with Seaside myself and found this tutorial to be invaluable in gaining insight into the capabilities of the framework.
我自己也在与Seaside玩弄,并发现本教程对于深入了解框架的功能非常宝贵。
#8
I think you've pretty much summed up the pros and cons. Seaside isn't that hard to set up (I've installed it twice for various projects) but using it will definitely affect how you work--in addition to re-learning the language you'll probably have to adjust lots of assumptions about your work flow.
我想你几乎总结了利弊。 Seaside并不难设置(我已经为各种项目安装了两次)但是使用它肯定会影响你的工作方式 - 除了重新学习语言之外,你可能需要调整很多假设。你的工作流程。
It also depends on two other factors
它还取决于另外两个因素
- If other people will eventually be maintaining it, you'll have better luck finding python programmers
- If you are doing a highly stateful site, Seaside is going to beat the pants off any other framework I've seen.
如果其他人最终会维护它,那么找到python程序员会更好
如果你正在建立一个非常有状态的网站,那么Seaside将打破我所见过的任何其他框架。
#9
There is now an online book on Seaside to complete the tutorial pointed out earlier.
现在有一本关于Seaside的在线书籍,可以完成前面提到的教程。
#1
Disclaimer: I really don't like PHP, Python is nice, but doesn't come close to Smalltalk in my book. But I am a biased Smalltalker. Some answers about Seaside/Squeak:
免责声明:我真的不喜欢PHP,Python很不错,但在我的书中并没有接近Smalltalk。但我是一个有偏见的Smalltalker。关于Seaside / Squeak的一些答案:
Q: Which I guess runs on a squeak app server?
问:我猜想在吱吱作响的应用服务器上运行?
Seaside runs in several different Smalltalks (VW, Gemstone, Squeak etc). The term "app server" is not really used in Smalltalk country. :)
海边有几种不同的小号(大众,宝石,吱吱声等)。术语“app server”并未真正用于Smalltalk国家/地区。 :)
Q: From what I've heard it would permit good compartmentalization of users as each would have their own little private VM independent of all the systems other users which sounds wonderful from a security, scaling and redundancy standpoint.
问:据我所知,它将允许用户进行良好的划分,因为每个用户都拥有自己的小型私有虚拟机,独立于其他用户,从安全性,扩展和冗余的角度来看,这听起来很棒。
Yes, each user has its own WASession and all UI components the user sees are instances living on the server side in that session. So sharing of state between sessions is something you must do explicitly, typically through a db.
是的,每个用户都有自己的WASession,用户看到的所有UI组件都是该会话中服务器端的实例。因此,您必须明确地在会话之间共享状态,通常通过数据库。
Q: I've not done any Smalltalk since Uni 15 years back and I never dug too deep into it then. I don't see much entry level help for seaside or that many projects using it.
问:自从15年前的Uni以来,我没有做过任何Smalltalk,我从来没有深入挖掘它。我没有看到海边或许多使用它的项目的入门级帮助。
Smalltalk is easy to get going with and there is a whole free online book on Seaside.
Smalltalk很容易上手,在Seaside上有一本完整的免费在线书籍。
Q: I suspect setting a server up to run it is hard for the same reason i.e. not because it's inherently hard but just cause there will be less help online and a presumption you are already rather au fait with Sqeak/Smalltalk.
问:我怀疑设置一台服务器是因为同样的原因很难运行,即不是因为它本身很难但只是因为在网上会有较少的帮助而且假设你已经相当不满Sqeak / Smalltalk。
No, not hard. :) In fact, quite trivial. Tons of help - Seaside ml, IRC on freenode, etc.
不,不难。 :)其实很琐碎。大量的帮助 - 海边ml,freenode上的IRC等
Q: Is Seaside as good as I think in terms of insulating users from each other?
问:在保护用户彼此方面,海边是否像我想的那样好?
I would say so.
我会这么说的。
Q: Might I be better off, security wise, sticking to the languages I'm most familiar with so I don't make any n00b mistakes or will Seaside be worth worth scaling the learning curve and prove more secure, comprehensible and maintainable in the long run?
问:我可能会变得更好,安全明智,坚持我最熟悉的语言,所以我不会犯任何n00b错误,或者Seaside值得扩大学习曲线并证明更安全,可理解和可维护长跑?
The killer argument in favor of Seaside IMHO is the true component model. It really, really makes it wonderful for complex UIs and maintenance. If you are afraid of learning "something different" (but then you wouldn't even consider it in the first place I guess) then I would warn you. But if you are not afraid then you will probably love it.
支持Seaside IMHO的杀手论证是真正的组件模型。它确实非常适合复杂的UI和维护。如果你害怕学习“不同的东西”(但那时我甚至不会考虑它),那么我会警告你。但如果你不害怕,那么你可能会喜欢它。
Also - Squeak (or VW) is a truly awesome development environment - debugging live Seaside sessions, changing code in the debugger and resuming etc etc. It rocks.
此外 - Squeak(或大众)是一个真正令人敬畏的开发环境 - 调试实时的Seaside会话,更改调试器中的代码和恢复等等。它摇滚。
#2
Forget about mod_python, there is WSGI.
忘记mod_python,有WSGI。
I'd recommend Django. It runs on any WSGI server, there are a lot to choose from. There is mod_wsgi for Apache, wsgiref - reference implementation included in Python and many more. Also Google App Engine is WSGI, and includes Django.
我推荐Django。它可以在任何WSGI服务器上运行,有很多可供选择。有针对Apache的mod_wsgi,wsgiref - Python中包含的参考实现等等。 Google App Engine也是WSGI,包括Django。
Django is very popular and it's community is rapidly growing.
Django非常受欢迎,它的社区正在迅速发展。
#3
I'd say take a look at Django. It's a Python framework with a ready-made authentication system that's independent of the hosting OS, which means that compromises are limited to the app that was compromised (barring some exploit against the web server hosting the Python process).
我想说看看Django。它是一个Python框架,带有现成的身份验证系统,独立于托管操作系统,这意味着妥协仅限于受到攻击的应用程序(除非对托管Python进程的Web服务器进行一些利用)。
#4
I've been getting into seaside myself but in many ways it is very hard to get started, which has nothing to do with the smalltalk which can be picked up extremely quickly. The challenge is that you are really protected from writing html directly.
我自己一直在海边,但在很多方面它很难开始,这与可以非常快速地拾取的smalltalk无关。挑战在于您确实无法直接编写html。
I find in most frameworks when you get stuck on how to do something there is always a work around of solving it by using the template. You may later discover that this solution causes problems with clarity down the road and there is in fact a better solutions built into the framework but you were able to move on from that problem until you learned the right way to do it.
我发现在大多数框架中,当你遇到如何做某事时总是会通过使用模板来解决它。您可能稍后发现此解决方案会导致问题清晰,并且事实上在框架中内置了更好的解决方案,但您可以从该问题继续前进,直到您学会了正确的方法。
Seaside doesn't have templates so you don't get that crutch. No problems have permanently stumped me but some have taken me longer to solve than I would have liked. The flip side of this is you end up learning the seaside methodology much quicker because you can't cheat.
Seaside没有模板,所以你没有那个拐杖。没有任何问题永久地困扰我,但有些人花了我更长的时间来解决,而不是我想要的。另一方面,你最终会更快地学习海边方法,因为你不能作弊。
If you decide to go the seaside route don't be afraid to post to the seaside mailing list at squeakfoundation.org. I found it intimidating at first because you don't see a lot of beginner questions there due to the low traffic but people are willing to help beginners there.
如果您决定前往海边路线,请不要害怕发布到squeakfoundation.org的海边邮件列表。起初我觉得它很吓人,因为你没有看到很多初学者的问题,因为交通量很低,但人们愿意帮助那里的初学者。
Also there are a handful of seaside developers who monitor * regularly. Good luck.
还有一些海边开发人员定期监控*。祝好运。
#5
Have you taken a look at www.nagare.org ?
你看过www.nagare.org了吗?
A framework particularly for web apps rather than web sites.
一个特别适用于Web应用程序而非网站的框架。
It is based around the Seaside concepts but you program in Python (nagare deploys a distribution of python called Stackless Python to get the continuations working).
它基于Seaside概念,但您使用Python编程(nagare部署了一个名为Stackless Python的python发行版,以使延续工作)。
Like Seaside it will auto generate HTML, but additionally can use templates as required.
与Seaside一样,它会自动生成HTML,但也可以根据需要使用模板。
It has been recently open sourced by http://www.net-ng.com/ who themselves have many years experience in delivering web apps/sites in quality web frameworks like zope and plone.
它最近由http://www.net-ng.com/开源,他们自己在zope和plone等高质量Web框架中提供Web应用程序/站点方面拥有多年经验。
I am researching it myself at the moment to see if it fits my needs, so can't tell you what I think of it in the wild. If you take a look, please give your feedback.
我现在正在研究它是否符合我的需求,所以无法告诉你我在野外的想法。如果您看一下,请提供反馈。
#6
While considering a Smalltalk web framework, look at Aida/Web as well. Aida has built-in security with user/group/role management and strong access control, which can help you a lot in your case. That way you can achieve safe enough separation of users at the user level in one image. But if you really want, you can separate them with running many images as well. But this brings increased maintenance and I'd think twice if it is worth.
在考虑使用Smalltalk Web框架时,请查看Aida / Web。 Aida具有内置的安全性,具有用户/组/角色管理和强大的访问控制功能,可以为您提供很多帮助。这样,您就可以在一个图像中实现用户级别用户的足够安全分离。但如果你真的想要,你也可以通过运行许多图像来分离它们。但这会增加维护,如果值得,我会三思而行。
#7
I'm toying with Seaside myself and found this tutorial to be invaluable in gaining insight into the capabilities of the framework.
我自己也在与Seaside玩弄,并发现本教程对于深入了解框架的功能非常宝贵。
#8
I think you've pretty much summed up the pros and cons. Seaside isn't that hard to set up (I've installed it twice for various projects) but using it will definitely affect how you work--in addition to re-learning the language you'll probably have to adjust lots of assumptions about your work flow.
我想你几乎总结了利弊。 Seaside并不难设置(我已经为各种项目安装了两次)但是使用它肯定会影响你的工作方式 - 除了重新学习语言之外,你可能需要调整很多假设。你的工作流程。
It also depends on two other factors
它还取决于另外两个因素
- If other people will eventually be maintaining it, you'll have better luck finding python programmers
- If you are doing a highly stateful site, Seaside is going to beat the pants off any other framework I've seen.
如果其他人最终会维护它,那么找到python程序员会更好
如果你正在建立一个非常有状态的网站,那么Seaside将打破我所见过的任何其他框架。
#9
There is now an online book on Seaside to complete the tutorial pointed out earlier.
现在有一本关于Seaside的在线书籍,可以完成前面提到的教程。