tsung, django, and cross-site request forgery protection
Wednesday, 22nd June, 2011
Tsung is an excellent tool for stress-testing websites. With tsung-recorder you can record different visits (called sessions) to the target website, and later run many randomised versions of the visits.
One complication with testing a Django website is that forms are generally protected against cross-site request forgery attacks by a hidden field in the form (see Cross Site Request Forgery protection).
Thanks to help from a respondent on django-users, we can overcome this complication: using dyn_variable, tsung can find values in a requested webpage and store them for use in later requests. The simplified session config below shows this in action.
<session name='login_with_csrf' probability='100' type='ts_http'>
  <!-- First request: fetch the page and capture the hidden form field -->
  <request>
    <dyn_variable name="csrfmiddlewaretoken"></dyn_variable>
    <http url='http://mysite.com/' method='GET'></http>
  </request>
  <!-- Second request: subst="true" fills in %%_csrfmiddlewaretoken%% -->
  <request subst="true">
    <http url='/home/' contents='csrfmiddlewaretoken=%%_csrfmiddlewaretoken%%&amp;csrfmiddlewaretoken=%%_csrfmiddlewaretoken%%&amp;username=xxxxxx&amp;password=xxxxxx&amp;next=%2F' content_type='application/x-www-form-urlencoded' method='POST'></http>
  </request>
</session>
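The capture-then-substitute flow of that session, sketched in Python as an added example (not code from the original post and not tsung's implementation). The function names, the sample page and its token value are constructed for illustration; the POST body template is the one from the config above.

```python
import re
from html.parser import HTMLParser

PLACEHOLDER = re.compile(r"%%_(\w+)%%")

# Constructed sample of a Django login page; the token value is made up.
SAMPLE_PAGE = """<form method="post" action="/home/">
  <input type='hidden' name='csrfmiddlewaretoken' value='0123456789abcdef0123456789abcdef' />
  <input type="text" name="username" /><input type="password" name="password" />
</form>"""

# POST body template as it appears in the session config.
BODY = ("csrfmiddlewaretoken=%%_csrfmiddlewaretoken%%"
        "&csrfmiddlewaretoken=%%_csrfmiddlewaretoken%%"
        "&username=xxxxxx&password=xxxxxx&next=%2F")


class FormFields(HTMLParser):
    """Collect name -> value for every <input> that carries both attributes."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and attr.get("name") and attr.get("value") is not None:
            # Keep the first occurrence; a page may repeat the token per form.
            self.fields.setdefault(attr["name"], attr["value"])


def capture(html, names):
    """Return the requested form-field values found in a response body."""
    parser = FormFields()
    parser.feed(html)
    return {n: parser.fields[n] for n in names if n in parser.fields}


def substitute(template, variables):
    """Fill %%_name%% placeholders; fail loudly if one was never captured."""
    def fill(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"no value captured for {name!r}")
        return variables[name]
    return PLACEHOLDER.sub(fill, template)


def build_login_body(page=SAMPLE_PAGE):
    return substitute(BODY, capture(page, ["csrfmiddlewaretoken"]))
```

A POST whose token field is missing or wrong is rejected by Django's CSRF middleware with a 403, so a burst of 403s in a load test usually points at the capture step rather than at server capacity.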
BeatBullying’s campaign The Big March collects awards
Friday, 17th June, 2011
[updated 061111: added another award]
[updated 290911: added another award]
Congratulations to BeatBullying! Six awards — so far.
MAAW Globe Awards
MAAW = Marketing Agencies Association Worldwide
Third Sector Excellence Awards
Institute of Promotional Marketing
- Digital Promotions (Gold)
- Not for Profit (Silver)
UTalk Marketing
For more on the Big March:
- The Big March itself
- BeatBullying’s page about the campaign
I was the main server-side developer for the campaign, weaving together technologies including Google’s App Engine, Django (non-rel), gaem, nginx, and Crisp’s community management platform.
Adding a Chat application to pinax
Tuesday, 13th October, 2009
How do you add a Django application to Pinax? Below is my experience with one Django app. For some related reading see Fernando Correia’s series on Exploring Pinax and Greg Allard’s How to Write Reusable Apps for Pinax and Django.
Here I want to separate the two issues of (a) developing a Django app and (b) integrating a Django app into Pinax. This post will look at Pinax integration only; the only Django app “development” will be making sure the app is ready for integration. I am using a third-party Django application, namely jchat by Federico Cáceres, covered in his blog posts on his Django powered AJAX Chat project.
Install lxml on Mac OS X without fink or MacPorts
Thursday, 10th September, 2009
This worked for me, statically linking:
cd /tmp
wget http://codespeak.net/lxml/lxml-2.2.2.tgz
tar -xzvf lxml-2.2.2.tgz
cd lxml-2.2.2
python setup.py build --static-deps --libxml2-version=2.7.3 --libxslt-version=1.1.24
sudo python setup.py install
I found it at Stack Overflow.
First steps with Pinax
Thursday, 4th June, 2009
Pinax is a web development platform built on top of Django (which is a web development framework). The point of Pinax seems to be that it gathers together and integrates a collection of Django applications into one package. You install Pinax and all of a sudden you have a fully functioning ‘default’ social networking website.
Preliminaries for Mac OS X
python-mysql
I’m going to use MySQL with Django. So I need MySQL itself, and the Python interface to it, python-mysql. If you install mysql and python-mysql from fink, this section may not be necessary.
I installed the Mac OS X MySQL from mysql.com. This meant that the python-mysql from fink didn’t work (it didn’t find mysql & started installing its own). Installing python-mysql from sourceforge didn’t work either: I got a compile error similar to this:
/usr/include/sys/types.h:92: error: duplicate ‘unsigned’
/usr/include/sys/types.h:92: error: two or more data types in declaration specifiers
From MangoOrange I found the following advice:
Step 4:
In the same folder, edit _mysql.c using your favourite text-editor
4a. Remove the following lines (37-39):
#ifndef uint
#define uint unsigned int
#endif
4b. Change the following:
uint port = MYSQL_PORT;
uint client_flag = 0;
to
unsigned int port = MYSQL_PORT;
unsigned int client_flag = 0;
After a precautionary sudo python setup.py clean, python-mysql will now install with the specified sudo python setup.py install.
PIL
For photo support (e.g. uploading photos to your Pinax homepage), Pinax uses the Python Imaging Library. fink installs PIL to /sw/lib/python2.5/site-packages/PIL/ where MacOSX’s own python can’t find it. I got PIL source from http://www.pythonware.com/products/pil/ and installed that using sudo python setup.py install.
Pinax: install and set up
There’s very little to write here. I followed the instructions and everything worked, …
… except the Locations page in the resulting website. Even here though it showed a very helpful Django error page:
Exception Type: ImproperlyConfigured
Exception Value: django-locations requires a valid YAHOO_MAPS_API_KEY setting. Please register for a key at https://developer.yahoo.com/wsregapp/ and then insert your key into the settings file.
Doesn’t look like I need to worry about that for now. If I want Locations I’ll go get a key, otherwise I’ll uninstall Locations.