Discussion of Python object-relational mapper SQLObject

Matthew Wilson | 3 Sep 15:43

How do I use a postgreSQL function like date_part?

I want to do a select like this with SQLObject:

    select * from people 
    where date_part('day', createddate) = date '2008-09-01';

That query should choose people created any time on September 1st.

In SQLObject, this is what I'm doing:

    People.select("date_part('day', createddate) = date '2008-09-01'")

Is there some way to avoid using a string of raw SQL?

Matt

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Oleg Broytmann | 3 Sep 21:33

X-Face

Picon

Re: How do I use a postgreSQL function like date_part?

On Wed, Sep 03, 2008 at 01:43:54PM +0000, Matthew Wilson wrote:
> I want to do a select like this with SQLObject:
> 
>     select * from people 
>     where date_part('day', createddate) = date '2008-09-01';
> 
> That query should choose people created any time on September 1st.
> 
> In SQLObject, this is what I'm doing:
> 
>     People.select("date_part('day', createddate) = date '2008-09-01'")
> 
> Is there some way to avoid using a string of raw SQL?

   Something like

from sqlobject.sqbuilder import func
People.select(func.date_part('day', createddate) == '2008-09-01')

   'func' is a pretty simple object whose attributes are passed unchanged
(unquoted, unescaped) to SQL.

Oleg.
--

-- 
     Oleg Broytmann            http://phd.pp.ru/            phd <at> phd.pp.ru
           Programmers don't die, they just GOSUB without RETURN.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes

(Continue reading)

Florian Haas | 4 Sep 12:38

Storing password hashes using built-in functions like PASSWORD() (where available)

[First post to list, hello everyone!]

Hi,

I'm failing to find a solution to an issue that seems fairly commonplace
to me, so I'm assuming it's been answered before and I failed to dig up
the answer (I tried). So feel free to alert me to any resources where
this type of question has previously been answered.

I'm currently trying to figure out a way to store a password hash in a
table, allowing the password to be passed in in plain. I'd prefer to use
a built-in password hashing functions on connections that support them,
like so:

from sqlobject import *
from Crypto.Hash import SHA256
class Credential(SQLObject):
    username = StringCol(unique=True, alternateID=True)
    password = StringCol()
    def _set_password(self, newpass):
        try:
            # FIXME: update field with hash generated
            # from PASSWORD(newpass)
        except dberrors.OperationalError:
            # assume internal password function is
            # not available, do my own hashing
            hash = SHA256.new(newpass).hexdigest()
            self._SO_set_password(hash)

So the "do my own hashing" part is easily achieved. It's the use of the

(Continue reading)

Oleg Broytmann | 4 Sep 13:01

X-Face

Picon

Re: Storing password hashes using built-in functions like PASSWORD() (where available)

On Thu, Sep 04, 2008 at 12:38:02PM +0200, Florian Haas wrote:
>     def _set_password(self, newpass):
>         try:
>             # FIXME: update field with hash generated
>             # from PASSWORD(newpass)

   The problem with this approach is that when you set (UPDATE) an
attribute (SQL field) SQLObject caches the values so it doesn't need to ask
SQL every time. Unfortunately when you set an attribute using SQL function,
there is no value to cache. You have to turn off SQLObject caching for the
class (table).
   This example works for me:

class Test(SQLObject):
   class sqlmeta:
      cacheValues = False
   s = StringCol()

Test.createTable()

t = Test(s='')
t.s = func.upper('oops!')
print t.s

   and prints "OOPS!". But remember - with caching turned off SQLObject
issues a separate SELECT for every attribute access.

Oleg.
--

-- 
     Oleg Broytmann            http://phd.pp.ru/            phd <at> phd.pp.ru

(Continue reading)

Florian Haas | 4 Sep 13:32

Re: Storing password hashes using built-in functions like PASSWORD() (where available)

Oleg,

precisely what I was looking for. Thank you very much!

Cheers,
Florian

Oleg Broytmann wrote:
> On Thu, Sep 04, 2008 at 12:38:02PM +0200, Florian Haas wrote:
>>     def _set_password(self, newpass):
>>         try:
>>             # FIXME: update field with hash generated
>>             # from PASSWORD(newpass)
> 
>    The problem with this approach is that when you set (UPDATE) an
> attribute (SQL field) SQLObject caches the values so it doesn't need to ask
> SQL every time. Unfortunately when you set an attribute using SQL function,
> there is no value to cache. You have to turn off SQLObject caching for the
> class (table).
>    This example works for me:
> 
> class Test(SQLObject):
>    class sqlmeta:
>       cacheValues = False
>    s = StringCol()
> 
> Test.createTable()
> 
> t = Test(s='')
> t.s = func.upper('oops!')

(Continue reading)

Matthew Wilson | 4 Sep 14:49

Re: How do I use a postgreSQL function like date_part?

On Wed 03 Sep 2008 03:33:23 PM EDT, Oleg Broytmann wrote:
> On Wed, Sep 03, 2008 at 01:43:54PM +0000, Matthew Wilson wrote:
>> I want to do a select like this with SQLObject:
>> 
>>     select * from people 
>>     where date_part('day', createddate) = date '2008-09-01';
>> 
>> That query should choose people created any time on September 1st.
>> 
>> In SQLObject, this is what I'm doing:
>> 
>>     People.select("date_part('day', createddate) = date '2008-09-01'")
>> 
>> Is there some way to avoid using a string of raw SQL?
>
>    Something like
>
> from sqlobject.sqbuilder import func
> People.select(func.date_part('day', createddate) == '2008-09-01')
>
>    'func' is a pretty simple object whose attributes are passed unchanged
> (unquoted, unescaped) to SQL.
>
> Oleg.

Oleg -- thanks so much for the help.  You're a fantastic benefit to the
SQLObject community.

Matt

(Continue reading)

Oleg Broytmann | 4 Sep 15:45

X-Face

Picon

Re: SQLObject (was: How do I use a postgreSQL function like date_part?)

On Thu, Sep 04, 2008 at 12:49:11PM +0000, Matthew Wilson wrote:
> Oleg -- thanks so much for the help.  You're a fantastic benefit to the
> SQLObject community.

   Thank you! Unfortunately these days I don't have much spare time to do
real work on SQLObject, and I don't know if I will have more time this
autumn. :(

Oleg.
--

-- 
     Oleg Broytmann            http://phd.pp.ru/            phd <at> phd.pp.ru
           Programmers don't die, they just GOSUB without RETURN.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Florian Haas | 4 Sep 20:59

Re: Storing password hashes using built-in functions like PASSWORD() (where available)

Hello,

I have to follow up on this as I'm running into something that makes me
feel totally stupid.

Here's how I implemented this:

class Credential(SQLObject):
    class sqlmeta:
        # necessary for the _set_passwd magic defined below
        cacheValues = False
    username = StringCol(alternateID=True, unique=True)
    passwd = StringCol()
    def _set_passwd(self, value):
        # if the database has a built-in password hashing function,
        # use it. Otherwise, store a SHA256 password hash
        try:
            self._SO_set_passwd(func.PASSWORD(value))
        except:
            digest = SHA256.new(value).hexdigest()
            self._SO_set_passwd(digest)

So, thanks to Oleg's suggestions, this happily applies PASSWORD() when
running on MySQL. Beautiful.

However, on a platform without PASSWORD() (tried sqlite), this happens:

>>> c = Credential(username="foo", passwd="bar")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

(Continue reading)

Oleg Broytmann | 4 Sep 21:20

X-Face

Picon

Re: Storing password hashes using built-in functions like PASSWORD() (where available)

On Thu, Sep 04, 2008 at 08:59:55PM +0200, Florian Haas wrote:
> class Credential(SQLObject):
>     class sqlmeta:
>         # necessary for the _set_passwd magic defined below
>         cacheValues = False
>     username = StringCol(alternateID=True, unique=True)
>     passwd = StringCol()
>     def _set_passwd(self, value):
>         # if the database has a built-in password hashing function,
>         # use it. Otherwise, store a SHA256 password hash
>         try:
>             self._SO_set_passwd(func.PASSWORD(value))
>         except:
>             digest = SHA256.new(value).hexdigest()
>             self._SO_set_passwd(digest)
> 
> So, thanks to Oleg's suggestions, this happily applies PASSWORD() when
> running on MySQL. Beautiful.
> 
> However, on a platform without PASSWORD() (tried sqlite), this happens:
> 
> >>> c = Credential(username="foo", passwd="bar")
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   [rest of stack trace...]
>   File
> "/usr/lib/python2.5/site-packages/sqlobject/sqlite/sqliteconnection.py",
> line 183, in _executeRetry
>     raise OperationalError(ErrorMessage(e))
> sqlobject.dberrors.OperationalError: no such function: PASSWORD

(Continue reading)

Florian Haas | 4 Sep 21:41

Re: Storing password hashes using built-in functions like PASSWORD() (where available)

Oleg Broytmann wrote:
>    When the object is being created SQLObject doesn't set attributes one
> by one - it collects all name/value pairs and then issues one INSERT query.
> I.e., self._SO_set_passwd(func.PASSWORD(value)) doesn't access the SQL
> backend and hence doesn't raise an exception; the exception is raised later,
> when SQLObject really does INSERT.
>    See main.py, method _SO_setValue() for details:
> 
>         if self.sqlmeta._creating:
>             self._SO_createValues[name] = dbValue
>             return
> 
>    (I simplified the real code a bit to stress the important points.)
> 
>    self._SO_set_passwd(func.PASSWORD(value)) will issue an immediate UPDATE
> on any subsequent attribute assignment and your try/except will catch it.
> 
>    So for your magic to work you should create an object without a password
> and then update the password:
> 
> c = Credential()
> c.password = 'password'
> 
>    Change 'passwd' to StringCol(default=None).
> 
> Oleg.

That almost did it; I also had to specifically cater for _set_passwd
receiving "None".

(Continue reading)

Group

gmane.comp.python.sqlobject.

Project Web Page

Discussion of Python object-relational mapper SQLObject

Search Archive

Page

1 | 2 | 3 | 4

Articles in period: 37

September 2008

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Closing connection (1 Feb 14:53)
troubles with unicode (29 Jan 11:06)
Reference to one of multiple tables (29 Dec 19:35)
Fwd: Reference to one of multiple tables (29 Dec 00:25)
Reference to one of multiple tables (28 Dec 22:30)
Application Design Question (10 Dec 23:47)
SQLObject 1.2.1 (4 Dec 18:24)
SQLObject 1.1.4 (4 Dec 18:20)
SQLObject 1.2.0 (20 Nov 13:17)
SQLObject 1.2.0b1-py2.7 (12 Nov 14:34)
SQLObject 1.2.0b1 (5 Nov 15:52)
Fixing debian bug 605185 (1 Nov 14:59)
psycopg2 autocommit fix missing from stable (1 Nov 14:55)
SQLObject 1.1.3 (30 Aug 18:03)
SQLObject 1.0.3 (30 Aug 18:02)
update and CONCAT (21 Aug 01:15)
Storing object from same table (13 Aug 15:43)
Vacation (9 Aug 17:43)
SQLObject 1.1.2 (8 Aug 15:17)
SQLObject 1.0.2 (8 Aug 15:16)
only q-values in sqlbuilder Select? (25 Jul 07:01)

Archives

5	February 2012
12	January 2012
16	December 2011
17	November 2011
12	August 2011
29	July 2011
9	June 2011
27	May 2011
26	April 2011
36	March 2011
44	February 2011
15	January 2011
30	December 2010
11	November 2010
26	October 2010
12	September 2010
23	August 2010
37	July 2010
13	June 2010
14	May 2010
71	April 2010
23	March 2010
63	February 2010
24	January 2010
11	December 2009
10	November 2009
20	October 2009
38	September 2009
57	August 2009
36	July 2009
30	June 2009
38	May 2009
19	April 2009
22	March 2009
46	February 2009
69	January 2009
65	December 2008
41	November 2008
37	October 2008
21	September 2008
30	August 2008
66	July 2008
31	June 2008
82	May 2008
69	April 2008
55	March 2008
139	February 2008
82	January 2008
54	December 2007
137	November 2007
101	October 2007
31	September 2007
81	August 2007
118	July 2007
82	June 2007
129	May 2007
120	April 2007
115	March 2007
102	February 2007
152	January 2007
135	December 2006
128	November 2006
330	October 2006
142	September 2006
161	August 2006
94	July 2006
160	June 2006
254	May 2006
218	April 2006
228	March 2006
157	February 2006
235	January 2006
235	December 2005
315	November 2005
466	October 2005
303	September 2005
336	August 2005
265	July 2005
166	June 2005
193	May 2005
152	April 2005
145	March 2005
258	February 2005
264	January 2005
177	December 2004
169	November 2004
60	October 2004
78	September 2004
65	August 2004
52	July 2004
67	June 2004
65	May 2004
88	April 2004
123	March 2004
92	February 2004
38	January 2004
61	December 2003
95	November 2003
85	October 2003
88	September 2003
64	August 2003
129	July 2003
107	June 2003
206	May 2003
204	April 2003
43	March 2003
2	February 2003

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template