
web2py

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Beerc (talk | contribs) at 14:42, 4 November 2009 (→‎Strong security: an intrawiki link added). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

web2py
Developer(s): web2py developers
Stable release: 1.71.0 / October 31, 2009 (2009-10-31)
Written in: Python
Operating system: Cross-platform
Type: Web application framework
License: GNU GPL v2.0 (with exception)
Website: homepage, mailing list

Web2py is an open source web application framework. Its primary goal is to support agile development of fast, scalable, secure and portable database-driven web-based applications. Web2py is written in the Python language and is programmable in Python. Since web2py was originally designed as a teaching tool with emphasis on ease of use and deployment, it does not have any project-level configuration files.

Web2py was inspired by the Ruby on Rails (RoR) framework and, like RoR, it focuses on rapid development, favors a convention-over-configuration approach and follows the Model-View-Controller (MVC) architectural pattern. Unlike RoR, web2py is based on Python, provides a comprehensive web-based administrative interface, includes libraries to handle more protocols, and can run on the Google App Engine.

Web2py was also inspired by the Django framework and, like Django, it can generate forms from database tables and includes an extensive set of validators.

Thanks to Python, web2py is less verbose than Java-based frameworks and its syntax is much cleaner than PHP-based frameworks. This makes applications simpler to develop, easier to read and maintain.

Overview

Web2py is a full-stack framework in that it has built-in components for all major functions. Examples include:

Web2py helps the developer to follow sound software engineering practices such as

Web2py has a focus on security by providing safe default mechanisms. This prevents the most common vulnerabilities.

Web2py differs from other web frameworks because it was originally designed as a teaching tool at DePaul University and thus has a very shallow learning curve. For this reason it is designed to be easy to set up (requires no installation) and provides a fully web-based development environment.

Web2py is built following the WSGI protocol, the latest Python protocol for communication between web server and web applications. It also provides handlers for CGI and the FastCGI protocols, and it includes the multi-threaded, SSL-enabled CherryPy wsgiserver.

In line with agile practices, web2py has frequent releases and is easy to update, but it rarely requires upgrades. Its developers have not broken backward compatibility since v1.0 in 2007, and they pledge not to break it in the future.

Some rare features

Web-based integrated development environment (IDE)

You can do all development, debugging, testing, maintenance and remote database administration without third-party tools, via a web interface, which is itself a web2py application.

You can manage internationalization (add language and write translations) from this IDE. Each application has an automatically generated database administrative interface, similar to Django. It also includes web-based testing and a web-based shell.

You don't have to use this IDE; applications can also be created from the command line and developed with other IDEs [4]. Further debugging options [5]:

  • Wing IDE allows you to graphically debug a web2py application [6] as you interact with it from your web browser, you can inspect and modify variables, make function calls etc.
  • Eclipse/PyDev — Eclipse with Aptana PyDev plugin — supports debugging for web2py, too [7] [8].
  • The extensible pdb debugger is a module of Python's standard library.
  • With the platform-independent, free (GNU GPL licensed), open source Winpdb debugger you can even do remote debugging [9] over TCP/IP, through an encrypted connection [10].

Flexible views

In the simplest case (a simple web page [11] without a template), the common Hello World program in web2py looks like this:

def hello():
    return 'Hello World'

Python based templating: web2py includes a fast, pure Python based template language

  • with no indentation requirements;
  • with server-side Document Object Model (DOM).

Usable without web2py [12].

Joomla templates: you can [13] convert Joomla 1.x templates to web2py layouts.

Generic views: if you write a controller without a view, you automatically get a generic view that renders the variables returned by the controller. So you can develop the logic of your application without writing one line of HTML and still have a working prototype.

Strong security

Web2py has a focus on security. It never had any security issue reported. Top 10 security issues according to OWASP [14] and what web2py does about them [15]:

Ticketing system

Each web2py application comes with a ticketing system:

  • If an error occurs, it is logged and a ticket is issued to the user. That allows error tracking.
  • Errors and source code are accessible only to the administrator, who can search and retrieve errors by date or client-IP. No error can result in code being exposed to the users.
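The ticket flow described in the two points above, modelled as an added example (not web2py's own code): `TicketStore`, `handle` and the sample controller are hypothetical names, and the IP address, timestamp and secret are constructed. The client receives only a ticket reference, while the traceback stays in a store that only the administrator can read and search by client IP or date.

```python
import datetime
import traceback
import uuid

class TicketStore:
    """Admin-side error log; nothing stored here is ever sent to a client."""

    def __init__(self):
        self._tickets = {}

    def issue(self, client_ip, when):
        # Must be called inside an except block: format_exc() reads the
        # exception currently being handled.
        ticket_id = uuid.uuid4().hex
        self._tickets[ticket_id] = {
            "client_ip": client_ip,
            "when": when,
            "traceback": traceback.format_exc(),
        }
        return ticket_id

    def search(self, client_ip=None, date=None):
        """Ticket ids filtered by client IP and/or calendar date."""
        return sorted(
            tid for tid, t in self._tickets.items()
            if (client_ip is None or t["client_ip"] == client_ip)
            and (date is None or t["when"].date() == date)
        )

    def read(self, ticket_id, is_admin):
        if not is_admin:
            raise PermissionError("tickets are readable by the administrator only")
        return self._tickets[ticket_id]["traceback"]

def handle(store, controller, client_ip, when):
    """Run a controller; on failure the client gets a ticket id, not the error."""
    try:
        return 200, controller()
    except Exception:
        ticket_id = store.issue(client_ip, when)
        return 500, "Internal error. Ticket issued: " + ticket_id

def broken_controller():
    db_password = "constructed-secret"  # constructed value that must not leak
    raise RuntimeError("connect failed with password " + db_password)

if __name__ == "__main__":
    store = TicketStore()
    now = datetime.datetime(2009, 11, 4, 14, 42)  # constructed timestamp
    print(handle(store, broken_controller, "203.0.113.7", now))
    print(store.search(client_ip="203.0.113.7"))
```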

Portable cron

A mechanism for creating and running recurrent tasks in the background. It looks for an application-specific crontab file, which is in regular crontab format. Three modes of operation are available:

  • Softcron: cron routines are checked after web page content has been served, does not guarantee execution precision. For unprivileged Apache CGI/WSGI installs.
  • Hardcron: a cron thread gets started on web2py startup. For Windows and CherryPy/standalone web2py installs.
  • Extcron: cron functions get force-called from the command line, usually from the system crontab. For Unix/Linux systems and places where the cron triggers need to be executed even if web2py is not running at the moment. Also good for CGI/WSGI installs if you have access to the system crontab.

Source code protection

Web2py can compile web applications and you can distribute them in bytecode compiled form, without source code. This helps but does not guarantee source code protection due to the existence of disassemblers and decompilers for Python bytecode (*.pyc and *.pyo files):

  • The dis module [16] of the Python standard library allows you to disassemble, but not decompile, Python bytecode.
  • The open source Decompyle Python disassembler and decompiler converts Python bytecode back into equivalent Python source. It accepts bytecode from any Python version between 1.5 and 2.3 inclusive. It doesn't support versions above 2.3 and is hard to use.
    • A commercial decompyle service originates from Decompyle. It decompiles Python versions 1.5 up to 2.6, with some minor limitations.
  • The open source UnPyc is a tool for disassembling, analyzing and decompiling Python bytecode, with varying success. UnPyc supports Python v2.5 and v2.6.
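Why bytecode-only distribution does not hide values embedded in the code, shown as an added example (not part of web2py): a pre-release audit that walks the constants of compiled code and reports strings that look like credentials. The sample source, the marker list and the names `to_bytecode`, `string_constants` and `audit` are assumptions made for the illustration.

```python
import marshal
import types

# Constructed sample standing in for a model file of an application.
SAMPLE_SOURCE = '''
DB_URI = "postgres://app_user:constructed-password@db.example/app"

def connect():
    api_key = "constructed-api-key-0001"
    return DB_URI, api_key
'''

def to_bytecode(source, filename="models/db.py"):
    """Compile source and marshal the code object, which is how the body
    of a compiled file is stored after its header."""
    return marshal.dumps(compile(source, filename, "exec"))

def string_constants(code):
    """Yield every str constant, recursing into nested code objects
    (functions, classes) and into constant tuples."""
    for const in code.co_consts:
        if isinstance(const, str):
            yield const
        elif isinstance(const, types.CodeType):
            yield from string_constants(const)
        elif isinstance(const, (tuple, frozenset)):
            yield from (c for c in const if isinstance(c, str))

def audit(bytecode, markers=("://", "passw", "secret", "key")):
    """Return constants that look like credentials or connection strings.
    Only unmarshal bytecode you built yourself: marshal is not safe on
    untrusted input."""
    code = marshal.loads(bytecode)
    return sorted({c for c in string_constants(code)
                   if any(m in c.lower() for m in markers)})

if __name__ == "__main__":
    for hit in audit(to_bytecode(SAMPLE_SOURCE)):
        print("embedded in bytecode:", hit)
```

Anything this audit reports belongs in deployment configuration rather than in the compiled application.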

However it is quite easy [17][18][19] to extend Python with C or C++, to achieve:

  • more efficient code;
  • adequate safety of intellectual property;
  • reduced security exposure of private information in the code, such as usernames and passwords.

Installation, upgrade

Web2py is based on Python, but Python is not a prerequisite for running web2py. Downloading it from its homepage [20], unzipping it and executing it is all that is needed to get started with web2py, on any operating system. Web2py comes packaged with everything you need for development, including a web server and a database. No installation procedure, configuration or shell scripting is required.

First steps

On Windows

After downloading, unzip it and click on web2py.exe. Choose a password, click the link to the administrative interface, and enter the same password.

To run from source, type:

 python web2py.py

To run as a Windows service, follow this guideline [21].

On Mac OS X

After downloading, unzip it and click on web2py.app. Choose a password, click the link to the administrative interface, and enter the same password.

To run from source, type:

 python web2py.py

On Unix systems, including Linux and BSD

Run from source:

 python2.5 web2py.py

Choose a password, click the link to the administrative interface, and enter the same password.

On Google App Engine

You must deploy the web2py engine in its source code [22] form. GAE then runs web2py, which in turn runs the web2py applications under it.

Detailed instructions are available for deploying web2py [23] and running web2py applications [24] on GAE.

Performance problem on low activity sites

GAE compiles the .py files into byte code on startup and it remains cached in GAE for less than a minute.

On low-activity sites, a performance trick is a cron job, under GAE [25] or elsewhere, that pings one of your web2py controller files in order to keep its bytecode fresh in the GAE cache [26] [27] [28] [29].

Even better is to use the task queue to hit a URL that simply returns a non-200 HTTP status code, so the task will retry indefinitely at up to 10 Hz (10 calls/sec) [30]. You can specify how often a task is called.

Caveats

After installation, every time you run it, web2py asks you to choose a password. This password is your administrative password. If the password is left blank, the administrative interface is disabled.

The administrative interface (/admin/default/index) is only accessible via localhost (remote access available only through SSL — SSH tunnel or HTTPS) and always requires a password.

Operating systems, Python versions & implementations, virtual machines, hardware

Web2py runs on Windows, Windows CE phones, Mac, Unix/Linux, Google App Engine, Amazon EC2, and almost any web hosting via Python 2.4 [31]/2.5/2.6.

Python 3.x is not fully compatible with 2.x [32]. Currently the developers of web2py don't plan to make the framework compatible with Python 3.x [33].

Since v1.64.0, web2py runs unmodified on Java with Jython 2.5, without any known limitation [34].

Web2py code runs with IronPython on .NET [35]. Limitations:

  • no csv module (so no database I/O);
  • no third party database drivers (not even SQLite, so no databases at all);
  • no built-in web server (unless you cripple it by removing signals and logging).

These limitations exist because the csv, sqlite, signals and logging modules are not present in IronPython.

VMWare appliance: coming soon [36].

You can [37] run the binary versions of web2py off a USB drive or a portable hard drive without dependencies, like Portable Python.

Web server arrangements

You can serve requests via HTTP and HTTPS with the built-in CherryPy server [38] of web2py, with Apache [39], Lighttpd [40], Cherokee [41], Nginx and almost any other web server through CGI, FastCGI, WSGI, mod_proxy [42][43] [44], and/or mod_python.

Suitable IDEs and debuggers

You can use the built-in IDE and various 3rd party tools to develop web2py applications.

Upgrading web2py

See web2py manual, 2nd edition, page 309 for upgrading steps.

Database handling

The database abstraction layer (DAL) of web2py dynamically and transparently generates SQL queries and runs on multiple compatible database backends. You don't need to use database-specific SQL commands. You can, however, explicitly issue SQL statements, according to the specific database driver.

SQLite is included in Python and thus web2py, so that is the default backend. You can simply change a connection string to connect to Firebird, IBM DB2, Informix, Ingres, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and Google App Engine (GAE) with some caveats. Specialities:

  • You can do distributed transactions:
    • Since web2py v1.17 with PostgreSQL v8.2 and later [45] [46], because it provides API for two-phase commits.
    • Since web2py v1.70.1 with Firebird and MySQL too, but this is still experimental.
  • GAE is not a relational store, see web2py manual, 2nd edition, page 305 for guidelines and caveats.

This DAL is fast, at least comparable with SQLAlchemy and Storm [47].

Web2py can connect to multiple databases at once. It performs automatic transactions and even creates and alters tables for you when required.

This is a DAL, not an ORM. An ORM maps database tables into classes and records into instances of those classes. This DAL instead maps database tables into instances of a class and records into instances of another class. It has very similar syntax to an ORM but it is faster, and can map almost any SQL expressions into DAL expressions. Usable without web2py [48].
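A toy model of the DAL idea described above, given as an added example (it is not web2py's DAL and does not use its API): every table is an instance of one `Table` class, comparisons on fields build SQL with bound parameters, and the same constructed input is also run through hand-assembled SQL of the kind you are responsible for when issuing statements explicitly. The classes `Expr`, `Field`, `Table` and the function `demo` are hypothetical; the backend is the standard library's sqlite3.

```python
import sqlite3

class Expr:
    """A WHERE fragment plus the values bound to its placeholders."""
    def __init__(self, sql, params):
        self.sql, self.params = sql, tuple(params)
    def __and__(self, other):
        return Expr(f"({self.sql} AND {other.sql})", self.params + other.params)

class Field:
    def __init__(self, table, name):
        self.table, self.name = table, name
    def _compare(self, op, value):
        # The value never enters the SQL text; it travels as a parameter.
        return Expr(f'"{self.table}"."{self.name}" {op} ?', [value])
    def __eq__(self, value):
        return self._compare("=", value)
    def __gt__(self, value):
        return self._compare(">", value)

class Table:
    """Each table is an instance of this one class (the DAL style the text
    describes), not a class of its own as in an ORM."""
    def __init__(self, conn, name, columns):
        # Table and column names come from the developer, never from users.
        self._conn, self._name, self._columns = conn, name, list(columns)
        spec = ", ".join(f'"{c}" {t}' for c, t in columns.items())
        conn.execute(f'CREATE TABLE "{name}" ({spec})')
        for c in columns:
            setattr(self, c, Field(name, c))
    def insert(self, **values):
        unknown = set(values) - set(self._columns)
        if unknown:
            raise KeyError(f"unknown columns: {sorted(unknown)}")
        cols = ", ".join(f'"{k}"' for k in values)
        marks = ", ".join("?" * len(values))
        self._conn.execute(
            f'INSERT INTO "{self._name}" ({cols}) VALUES ({marks})',
            tuple(values.values()))
    def select(self, where):
        sql = f'SELECT * FROM "{self._name}" WHERE {where.sql}'
        return sql, self._conn.execute(sql, where.params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    person = Table(conn, "person", {"name": "TEXT", "age": "INTEGER"})
    person.insert(name="alice", age=30)
    person.insert(name="bob", age=25)
    hostile = "alice' OR '1'='1"  # constructed input
    dal_sql, dal_rows = person.select(person.name == hostile)
    # Hand-written SQL built by string formatting: the quote ends the literal.
    raw_rows = conn.execute(
        f"SELECT * FROM person WHERE name = '{hostile}'").fetchall()
    _, ok_rows = person.select((person.name == "alice") & (person.age > 18))
    return dal_sql, dal_rows, raw_rows, ok_rows
```

The generated query matches no row for the hostile value, while the string-formatted query returns every row in the table.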

Automatic database migrations

Web2py supports database migrations. You just change the definition of a table and it ALTERs the table accordingly. For example if you change a field from boolean to string, the database is altered and the values are converted from boolean to string for existing records.

In web2py migrations are automatic, but can be disabled for any table. Web2py logs all migrations and migration attempts in a file so you can see what changes are made to the database.

Limitations:

  • SQLite does not understand migrations well. In particular it can't alter table and change a column type. It just stores new values according to the new type.
  • On GAE there is no concept of alter table, so you can add columns and you can drop them (they will not be dropped, just ignored). You can change some attributes of a column (like length) since they are ignored anyway. Some migrations will not work.

Applications

Ready to use applications with source code

You can find many free and ready to use web2py plugins and applications with full source code, ready to customize, with various licenses.

Mostly on this list of its homepage, some of them:

Three of them elsewhere:

  • PyForum, a full-fledged message board system.
  • T2, a web2py plugin that implements web development patterns (registration, login, logout, groups, access, attachments, comments, previews, etc.), with extensive documentation.
  • T3, a wiki application that runs everywhere, including on Google App Engine. Super-powered: it allows admin to define database tables (using DAL syntax) and to embed Python code into the source code of wiki pages.

A quick reference to the high-level web2py functionality that was added in T2 and T3: T2/T3 cheat sheet.

Websites and web applications powered by / built with web2py

Two lists about who is using it:

Licenses

Web2py code is released under GNU GPL v2.0 license. This license [49] does not extend to third party libraries distributed with web2py (which are all MIT or BSD type licenses) nor does it extend to applications built with web2py.

The license of the official binaries is freeware [50]. You can use and redistribute them but not charge for them. You are not allowed to distribute another binary version of web2py.

Applications built with web2py can be released under any license as long as they do not contain web2py code. In particular they can be bytecode compiled and distributed in closed source. The admin interface provides a button to bytecode compile.

It is fine to distribute web2py (source or compiled) with your applications as long as you make it clear in the license where your application ends and web2py starts.

You are not allowed to:

  • claim you built web2py;
  • create a derivative of web2py in violation of the GNU GPL v2.0;
  • distribute a binary version of web2py other than those officially released by Massimo DiPierro.

web2py is copyrighted by Massimo DiPierro. The web2py trademark is owned by Massimo DiPierro.

Publications

Videos

Printed

Background

Support

Community support is available by

As of 2009-10-02, 15 companies worldwide provide commercial web2py support [52].

Developers

Lead developer: Massimo DiPierro (Associate Professor of Computer Science at DePaul University in Chicago).

As of 2009-10-30, the homepage of web2py lists 49 "main contributors" [53].

Third-party software included in web2py

History and naming

The source code for the first public version of web2py was released under GNU GPL v2.0 on 2007-09-27 by Massimo DiPierro as the Enterprise Web Framework (EWF). The name was changed twice due to name conflicts:

  • EWF v1.7 was followed by Gluon v1.0.
  • Gluon v1.15 was followed by web2py v1.16.

Web.py has a similar name, but they are unrelated.

References

Web2py is listed in two source code repositories:

Freshmeat, Ohloh and Google Trends, despite their flaws, provide some valuable insights into the background, composition of code, vitality and popularity of software development projects:

Notes

  1. ^ Web2py speaks multiple protocols since v1.63
  2. ^ Using SOAP with web2py
  3. ^ Writing Smart Web-based Forms
  4. ^ Web2py online IDE with It's All Text! Firefox addon (https://addons.mozilla.org/hu/firefox/addon/4125) and Ulipad (open source Python IDE)
  5. ^ How to debug Web2py applications?
  6. ^ Wing IDE supports debugging for web2py
  7. ^ Eclipse/PyDev supports debugging for web2py
  8. ^ Using web2py on Eclipse
  9. ^ With Winpdb you can do remote debugging over TCP/IP
  10. ^ Encrypted communication in Winpdb
  11. ^ Simplest web page with web2py: "Hello World" example
  12. ^ How to use web2py templates without web2py
  13. ^ Using Joomla templates with web2py
  14. ^ Top 10 security issues according to OWASP — in 2007, but still valid, and no newer list
  15. ^ Top 10 security issues according to OWASP and what web2py does about them
  16. ^ Disassembler for Python bytecode
  17. ^ Extending Python with C or C++
  18. ^ Cython simplifies the writing of C extension modules for Python.
  19. ^ Pyrex developed to aid in creating Python modules, its syntax is very close to Python.
  20. ^ Binary and source code downloads on the homepage of web2py
  21. ^ How to run web2py as a Windows service
  22. ^ Source code of current version of web2py for all platforms
  23. ^ Deploying web2py on Google App Engine
  24. ^ How to run web2py applications on Google App Engine
  25. ^ Cron jobs on Google App Engine
  26. ^ Performance tricks for GAE installs, 2008-07-23
  27. ^ Performance tricks for GAE installs, 2008-10-18
  28. ^ Performance tricks for GAE installs, 2009-02-27
  29. ^ Performance tricks for GAE installs, 2009-04-14
  30. ^ Performance tricks for GAE installs, 2009-10-26
  31. ^ How to run web2py with Python 2.4
  32. ^ Python 3.x is not fully compatible with 2.x
  33. ^ Developers of web2py don't plan to make it compatible with Python 3.x
  34. ^ Web2py runs fully on Java and J2EE using Jython
  35. ^ Web2py runs with IronPython on .NET, with limitations
  36. ^ Web2py VMWare appliance coming soon
  37. ^ MySQL with web2py Windows binary on a USB thumb-drive
  38. ^ How to run the built-in SSL server
  39. ^ Web2py with Apache and mod_ssl
  40. ^ Web2py with Lighttpd and FastCGI
  41. ^ Web2py with Cherokee
  42. ^ Apache Module mod_proxy
  43. ^ Web2py with mod_proxy
  44. ^ Web2py with mod_proxy and mod_proxy_html
  45. ^ Distributed transactions with PostgreSQL
  46. ^ Distributed transactions with PostgreSQL — further details
  47. ^ ORM Benchmark
  48. ^ How to use web2py DAL without web2py
  49. ^ Licenses of the web2py package
  50. ^ Web2py's official binaries are freeware
  51. ^ IRC #web2py channel
  52. ^ Commercial support for web2py
  53. ^ List of main contributors to web2py
  54. ^ CherryPy v3 WSGI server benchmark results
  55. ^ How fast is CherryPy?