cs6
play

CS6 Practical System Skills Fall 2019 edition Leonhard - PowerPoint PPT Presentation

Oct 29, 2023 •298 likes •640 views

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu Midterm results & Logistics Midterm I average: 78.8% Midterm II average: 83% Final project presentations on 15th Dec @ CIT 3pm - 5pm

  1. CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu

  2. Midterm results & Logistics ⇒ Midterm I average: 78.8% ⇒ Midterm II average: 83% ⇒ Final project presentations on 15th Dec @ CIT 3pm - 5pm → room to be defined → 15 min presentation + 10 min questions → Your TA is there to help you. 2 / 33

  3. 21 Practical Flask CS6 Practical System Skills Fall 2019 Leonhard Spiegelberg lspiegel@cs.brown.edu

  4. All examples available at github.com/browncs6/FlaskExamples

  5. 21.01 User logins in flask ⇒ Website often need to authenticate users, there are several packages available to help achieve this in Flask - flask_login helps to guard routes/require user login for them. - Werkzeug tool to help with hashing password. - itsdangerous generates safe tokens, e.g. for account confirmation or expiring links ⇒ Following slides are based on Chapter 8-9, Flask book 5 / 33

  6. 21.02 Login system via Flask How to store user login information? User + passwd? ⇒ Don't store clear passwords! ⇒ Instead store a hash computed via hash(password + salt) Some crytographic secure hash function user supplied password random value, added (use a well-tested library) for each password 6 / 33

  7. 21.03 Password hashing via werkzeug from werkzeug.security import generate_password_hash from werkzeug.security import check_password_hash h = generate_password_hash ('secret password') # Result h looks similar to this # pbkdf2:sha256:150000$QmqUMoy8$f8de105257426cbfb533f9db8ecf85921cd544 541ec2df2def8d8ea123b83fc2 check_password_hash (h, 'secret password') method salt hash(salt + passwd) used pbkdf2:sha256:150000$QmqUMoy8$f8de105257426cbfb5... 7 / 33

  8. 21.04 Properties in Python ⇒ Often we want to assign / get values. Not necessarily does a value need to be represented by a member variable always. ⇒ A wide-spread pattern used is a pair of a getter and a setter function. ⇒ using getters/setters allows to use patterns like 1. lazy computation 2. enforcing constraints 3. avoiding redundancy 8 / 33

  9. 21.04 Properties in Python class Pokemon: def __init__(self, name): self.name = name self.setCategory('unknown') def __repr__(self): return '{}[{}]'.format(self.name, self.category) def getCategory(self): return self._category def setCategory(self, category): self._category = category allows us to call the category = property(getCategory, setCategory) getter/setter via .category or .category = ... 9 / 33

  10. 21.04 Properties in Python with decorators ⇒ instead of using property(...) , you can also use @property and @value.setter to declare them class Pokemon: def __init__(self, name): self.name = name self.category = 'unknown' def __repr__(self): return '{}[{}]'.format(self.name, self.category) @property def category(self): note the naming convention return self._category here @category.setter def category(self, category): self._category = category 10 / 33

  11. 21.05 A simple password model w. properties class User(db.Model): id = db.Column(db.Integer(), primary_key=True) password_hash = db.Column(db.String(128)) @property def password(self): raise AttributeError('password is write-only') @password.setter def password(self, password): self.password_hash = generate_password_hash(password) def verify_password(self, password): return check_password_hash(self.password_hash, password) 11 / 33

  12. 21.06 Flask_login ⇒ Flask extension which helps to protect routes & automate everything related to user authentication ⇒ documentation: https://flask-login.readthedocs.io/en/latest/ ⇒ support for remember_me cookies builtin ⇒ protect routes by adding @login_required decorator! E.g., @app.route('/') @login_required def index(): return 'Hello world' 12 / 33

  13. 21.07 Flask login ⇒ Setup a default path which is displayed to login, via login_view from flask_login import LoginManager, login_required, login_user, logout_user app = Flask(__name__) login_manager = LoginManager(app) login_manager.login_view = 'login' # route or function where login occurs... @app.route('/login') def login(): ... user = User(...) login_user(user, remember=True) ... @app.route('/') @login_required def index(): 13 / 33 ...

  14. 21.07 Flask login user model ⇒ flask login requires a user class to implement several properties/methods: ⇒ derive from UserMixin class to implement useful defaults True if user has valid credentials, False is_authenticated otherwise True if user is allowed to login (i.e. use to is_active confirm an account or block it) False for regular users, True for special is_anonymous anonymous user must return a unique identifier for each get_id() user, encoded as str 14 / 33

  15. 21.07 Flask login user model UserMixin adds required class User(UserMixin, db.Model): properties to User class so it can be used with login_user id = db.Column(db.Integer(), primary_key=True) and logout_user email = db.Column(db.String(64), unique=True, index=True) username = db.Column(db.String(64), unique=True, index=True) password_hash = db.Column(db.String(128)) @property def password(self): raise AttributeError('password is write-only') @password.setter def password(self, password): self.password_hash = generate_password_hash(password) def verify_password(self, password): return check_password_hash(self.password_hash, password) 15 / 33

  16. 21.07 Writing the login logic @app.route('/login', methods=['GET', 'POST']) query user info via def login(): SQLalchemy form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user is not None and \ password check user.verify_password(form.password.data): login_user(user, form.remember_me.data) login return redirect(url_for('secret_page')) flash('invalid username or password.') return render_template('login.html', form=form) 16 / 33

  17. Demo!

  18. Deploying Flask

  19. 21.08 Why do we care? * Serving Flask app "login" (lazy loading) * Environment: production WARNING: Do not use the development server in a production environment. Use a production WSGI server instead. * Debug mode: on * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit) * Restarting with stat ⇒ Flask's builtin webserver is provided for development purposes only . ⇒ Serves one request at a time. What about multiple ones? 19 / 33

  20. 21.06 WSGI WSGI = Web Server Gateway Interface (pronounce: whiskey) ⇒ There are multiple python frameworks (e.g. Flask, Django, Tornado, …) and multiple options for production servers (e.g. Gunicorn, uWSGI, Gevent, Twisted Web, …) ⇒ WSGI is a standard protocol/interface for a production web server to communicate with your web application. 20 / 33

  21. 21.06 Web production serves ⇒ There exist multiple production webservers for a web application written in Python, we'll be using gunicorn (Green unicorn) ⇒ easiest way to deploy flask, is to run gunicorn project:app name of your application, e.g. the app object created here project.py via Flask(__name__) or project/ More information: flask.palletsprojects.com/en/1.1.x/deploying/wsgi-standalone/ 21 / 33

  22. 21.06 Gunicorn - options ⇒ Gunicorn provides many options (check via -h / --help ), most important are specify how many worker processes to use -w 4 Formula: 2 * CPU cores + 1 (long option: --worker ) specify to which address/port to bind -b 127.0.0.1:4000 (long option: --bind ) set environment variable key to value -e key=value (long option: --env ) 22 / 33

  23. 21.07 The pain of actual deployment When trying to deploy an actual application, it's a pain because - Multiple frameworks, multiple versions, … Version - different compiler versions, OS versions, ... ⇒ How to package, how to deploy? ⇒ two popular solutions - Virtual Machines - Containers → we'll be using containers! 23 / 33

  24. 21.08 Docker ⇒ allows to package applications with all dependencies| into an image ⇒ run via "lightweight virtual machine", however uses less space and memory than a real VM because OS is shared amongst multiple containers 24 / 33

  25. 21.09 Creating a container ⇒ containers/images are defined via a Dockerfile ⇒ general usage: docker COMMAND PARAMS → docker COMMAND --help to get help for COMMAND ⇒ to create image from a Dockerfile stored in . use docker build -t login:latest . specify a name and tag for this image, format is name:tag 25 / 33

  26. 21.10 Listing & running images ⇒ to get an overview of created images, use docker images ⇒ to start an image use docker run IMAGE → there are multiple helpful options when starting a container → quit via Ctrl + C or docker stop CONTAINER → to get list of running containers, use docker ps 26 / 33

  27. 21.11 Running containers remove container when stopped (else you --rm need to use docker rm IMAGE ) pass environment variable to container --env ENV / -e ENV ⇒ use this for passwords, config etc. map local_port to container_port -p <local_port>:<container_port> --publish <local_port>:<container_port> give container a name --name NAME mount a volume, i.e. make local_path available -v <local_path>:<container_path> within container under container_path --volume <local_path>:<container_path> 27 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

trans: Name Redaction &amp; RFC6962-bis Eran Messeri, Google, eranm@google.com Definition: Name

trans: Name Redaction &amp; RFC6962-bis Eran Messeri, Google, eranm@google.com Definition: Name

trans: Name Redaction &amp; RFC6962-bis Eran Messeri, Google, eranm@google.com Definition: Name Redaction The ability to avoid publishing domain names, in whole or partially, in Certificate Transparency logs. Name redaction: Missing goals

248 views • 7 slides
Moving to client-side hashing for online authentication Enka Blanchard 1 Xavier Coquand 2 Ted

Moving to client-side hashing for online authentication Enka Blanchard 1 Xavier Coquand 2 Ted

Moving to client-side hashing for online authentication Enka Blanchard 1 Xavier Coquand 2 Ted Selker 3 Digitrust, Loria, Universit e de Lorraine, www.koliaza.com Bsecure, Paris University of Maryland, Baltimore County 9th International

1.02k views • 18 slides
DEXCALIBUR AUTOMATE YOUR ANDROID APP REVERSE Or hooking for dummies

DEXCALIBUR AUTOMATE YOUR ANDROID APP REVERSE Or hooking for dummies

DEXCALIBUR AUTOMATE YOUR ANDROID APP REVERSE Or hooking for dummies https://github.com/FrenchYeti/dexcalibur.git WHO AM I ? GEORGES-B. MICHEL @FrenchYeti yeti@0xff.ninja Aka @FrenchYeti Software Security Evaluator at Thales Day

925 views • 77 slides
Heaven Applauds You 5 Now when Jesus saw the crowds, he went up on a mountainside and sat down.

Heaven Applauds You 5 Now when Jesus saw the crowds, he went up on a mountainside and sat down.

Heaven Applauds You 5 Now when Jesus saw the crowds, he went up on a mountainside and sat down. His disciples came to him, 2 and he began to teach them. He said: 3 Blessed are the poor in spirit, for theirs is the kingdom of heaven. 4

842 views • 12 slides
An Introduction to by Erik Johnson What is Salt? Remote Execution Run commands or

An Introduction to by Erik Johnson What is Salt? Remote Execution Run commands or

An Introduction to by Erik Johnson What is Salt? Remote Execution Run commands or functions on many hosts at once Receive results asynchronously as each host returns data to the master Uses the ZeroMQ messaging library

929 views • 34 slides
Making Password Checking Systems Be7er Tom Ristenpart Covering

Making Password Checking Systems Be7er Tom Ristenpart Covering

Making Password Checking Systems Be7er Tom Ristenpart Covering joint work with: Anish Athayle, Devda&lt;a Akawhe, Joseph Bonneau, Rahul Cha&lt;erjee, Adam

414 views • 30 slides
Modeling and Solving the Mixing of Liquids Bernd Schr oder logo1 Bernd Schr oder

Modeling and Solving the Mixing of Liquids Bernd Schr oder logo1 Bernd Schr oder

Overview An Example Double Check Units Reprised Modeling and Solving the Mixing of Liquids Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science Modeling and Solving the Mixing of Liquids

975 views • 68 slides
Salt intake and the risk of heart failure Pekka Jousilahti, MD, PhD, Research Professor et Kennet

Salt intake and the risk of heart failure Pekka Jousilahti, MD, PhD, Research Professor et Kennet

Salt intake and the risk of heart failure Pekka Jousilahti, MD, PhD, Research Professor et Kennet Harald, Antti Jula, Tiina Laatikainen, Satu Mnnist, Markku Peltonen, Markus Perola, Pekka Puska, Veikko Salomaa, Jaakko Tuomilehto, Liisa Valsta

305 views • 6 slides
Critical Reasoning for Beginners: week one Marianne Talbot Department for Continuing Education

Critical Reasoning for Beginners: week one Marianne Talbot Department for Continuing Education

Critical Reasoning for Beginners: week one Marianne Talbot Department for Continuing Education University of Oxford Michaelmas 2009 Today we shall be looking at: (i) the nature of arguments (ii) how to recognise arguments

566 views • 24 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
CIDA funded ICCIDD GN Project: Sustained Elimina&lt;on of

CIDA funded ICCIDD GN Project: Sustained Elimina&lt;on of

CIDA funded ICCIDD GN Project: Sustained Elimina&lt;on of IDD in Bangladesh, Ethiopia, Ghana, Sudan and Tanzania Focus on SUDAN CIDA supported

112 views • 7 slides
Ambiguity and the Lexicon in Natural Language Informatics 2A: Lecture 12 2 The Lexicon Word

Ambiguity and the Lexicon in Natural Language Informatics 2A: Lecture 12 2 The Lexicon Word

Ambiguity in Language Ambiguity in Language The Lexicon The Lexicon 1 Ambiguity in Language Derivations and Structural Ambiguity Dealing with Ambiguity Ambiguity and the Lexicon in Natural Language Informatics 2A: Lecture 12 2 The Lexicon

100 views • 6 slides
Ambiguity and the Lexicon in Natural Language 2 The Lexicon Informatics 2A: Lecture 12 Closed vs.

Ambiguity and the Lexicon in Natural Language 2 The Lexicon Informatics 2A: Lecture 12 Closed vs.

Ambiguity in Language Ambiguity in Language The Lexicon The Lexicon Semantic Ambiguity: Scope and Reference Semantic Ambiguity: Scope and Reference 1 Ambiguity in Language Structural Ambiguity Types of Ambiguity Ambiguity and the Lexicon in

181 views • 5 slides
Excursion 5 Tours I &amp; II: Power: Pre-data, Post-data &amp; How not to corrupt power A

Excursion 5 Tours I &amp; II: Power: Pre-data, Post-data &amp; How not to corrupt power A

Excursion 5 Tours I &amp; II: Power: Pre-data, Post-data &amp; How not to corrupt power A salutary effect of power analysis is that it draws one forcibly to consider the magnitude of effects. In psychology, and especially in soft psychology,

1.03k views • 52 slides
Quasi-Reliable Estimates of Effective Sample Size Robert Skeel Purdue University / Arizona State

Quasi-Reliable Estimates of Effective Sample Size Robert Skeel Purdue University / Arizona State

Quasi-Reliable Estimates of Effective Sample Size Robert Skeel Purdue University / Arizona State University July 20, 2016 with Youhan Fang and Yudong Cao Evaluating Performance of MCMC Methods Statistician Charles Geyer (1992): It would

567 views • 54 slides
Session Transcript: 07-07-2020 Yoga Alliance - CE Workshop | Yoga Philosophy Closed Captioning/

Session Transcript: 07-07-2020 Yoga Alliance - CE Workshop | Yoga Philosophy Closed Captioning/

Session Transcript: 07-07-2020 Yoga Alliance - CE Workshop | Yoga Philosophy Closed Captioning/ Transcript Disclaimer Closed captioning and/or transcription is being provided solely for the convenience of our viewers. Yoga Alliance does not

108 views • 10 slides
Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate

Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate

Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate Professor, head of the secure embedded system group University of Lyon, Jean Monnet University, Saint-Etienne Laboratoire Hubert Curien CNRS

878 views • 64 slides
An Introduction to Analysing Qualitative Data PAUL GREENBANK CENTRE FOR LEARNING AND TEACHING

An Introduction to Analysing Qualitative Data PAUL GREENBANK CENTRE FOR LEARNING AND TEACHING

An Introduction to Analysing Qualitative Data PAUL GREENBANK CENTRE FOR LEARNING AND TEACHING Before we begin Qualitative data comes in many different forms It is worth emphasising that effective analysis is pointless if we do not

499 views • 14 slides
I believe that in all men's lives at certain periods, and in many men's lives at all periods

I believe that in all men's lives at certain periods, and in many men's lives at all periods

I believe that in all men's lives at certain periods, and in many men's lives at all periods between infancy and extreme old age, one of the most dominant elements is the desire to be inside the C.S. Lewis local Ring and the terror of

558 views • 18 slides
ACCC v Flight Centre Alice Muhlebach 8 March 2017 1 Overview The role of market definition

ACCC v Flight Centre Alice Muhlebach 8 March 2017 1 Overview The role of market definition

Market definition in ACCC v Flight Centre Alice Muhlebach 8 March 2017 1 Overview The role of market definition in this case key statutory provisions The market definitions adopted at first instance, by the Full Court, and by the

323 views • 11 slides
of lo of low sc w school hool ac achie hiever ers s Chris Ryan Tuesday, 25 July 2017

of lo of low sc w school hool ac achie hiever ers s Chris Ryan Tuesday, 25 July 2017

MELBOURNE INSTITUTE Applied Economic &amp; Social Research La Labou bour mar market et outc outcomes omes of lo of low sc w school hool ac achie hiever ers s Chris Ryan Tuesday, 25 July 2017 Page 1 Low literacy skills study

488 views • 17 slides
Q3 2010 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Viki Lazaris Caution

Q3 2010 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Viki Lazaris Caution

Q3 2010 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Viki Lazaris Caution Regarding Forward-Looking Statements BMO Financial Group Bank of Montreals public communications often include written or oral forward-looking SVP, IR

366 views • 23 slides
Webinar Taking accounts Sarah Haren and Rose Fetherstonhaugh 22 nd June 2020 www.5sblaw.com

Webinar Taking accounts Sarah Haren and Rose Fetherstonhaugh 22 nd June 2020 www.5sblaw.com

Webinar Taking accounts Sarah Haren and Rose Fetherstonhaugh 22 nd June 2020 www.5sblaw.com 22 June 2020 Taking accounts Taking accounts-context Process of enforcing, by court order, fiduciarys obligation to account for his

405 views • 17 slides
The future of monetary policy Speech given by Charlie Bean, Deputy Governor for Monetary Policy,

The future of monetary policy Speech given by Charlie Bean, Deputy Governor for Monetary Policy,

The future of monetary policy Speech given by Charlie Bean, Deputy Governor for Monetary Policy, Bank of England London School of Economics 20 May 2014 All speeches are available online at

234 views • 19 slides

More recommend