Quixote for Web Development
Using SCGI as implemented by the Apache module mod_scgi or by lighttpd. Quixote-based applications run as a daemon process, and the web server sends HTTP requests to the daemon as they're received. The SCGI daemon can be started and stopped independently of web server, making it easy to upgrade application code without affecting other operations on the Web site. We believe this is the architecture with the highest performance. (FastCGI employs a similar architecture, but the FastCGI protocol's greater complexity makes it less reliable.)
可以通过Apache httpd 的mod_scgi模块或者使用lighttpd. 基于Quixote框架的应用将作为一个守护进程。当web server获得http请求的时候,它就会把请求转发给这个守护进程。SCGI可以独立于web server开始或者停止,这样做可以确保对于单独应用的更新不会影响到运行在同一web server上的其他网站。我们确信这种架构的性能最好(FastCGI 使用了一个类似的架构,但是FastCGI的协议更复杂,实现的难度更大)
HTML Templating
HTML 模板机制
Quixote provides its own solution for HTML generation called Python Template Language (PTL). (Using PTL in Quixote applications is optional.)
Quixote 提供了生成HTML代码的解决方案:Python Template Language(PTL)(Quixote中使用PTL是可选的)
PTL applies Python's syntax to generating HTML. In a PTL template, expression results and literal strings are automatically assembled into a function's output. Here is an example PTL function:
PTL 使用Python的语法生成HTML. 在PTL中,expression 结果同字符串是自动加在一个函数的输出中的,这里是PTL的一个示例:
def format_row [html] (head, value):
"<tr valign=top align=left>\n"
" <th align=left>%s</th>\n" % head
" <td>%s</td>\n" % value
"</tr>\n"
The function is marked as being written in PTL by the [html] annotation in the function's definition. This function can be written and saved in a file whose name ends in ".ptl". Such ".ptl" files can then be imported using Python's import statement, and the template can be invoked just like a regular Python function. For example, you might code:
这个函数展示了html标记如何通过PTL以函数形式定义。并保存成后缀名为".ptl"的文件。".ptl"文件可以使用python的import语句import到python程序中,并且可以按照正常的python程序一样被调用。例如:
import util_templates
def output [html] (request):
...
"<table>"
for heading, value in data:
util_templates.format_row(heading, value)
"</table>"
PTL's HTML templating can automatically escape special characters such as '<' and '&' in strings originating from the client browser or from a database. Proper use of this feature can avoid a class of security vulnerability called "cross-site scripting attacks". In a cross-site scripting attack, a hostile user can insert arbitrary HTML in a web application's output that can link to other sites or contain harmful JavaScript code.
PTL HTML模板机制可以自动转义由客户端浏览器或者数据库提交的一些特殊的字符,例如:'<'或者'&'。合理的使用这个机制可以避免一种被称为"跨站脚本攻击" 的安全隐患。在跨站脚本攻击中,不良用户可以通过在web application输出中加入一些特定的HTML代码,使得自动跳转到其他的链接,或者包含了有害的javaScript代码。
Alternative templating syntaxes can also be used. Several different syntaxes have been implemented as Python packages; because Quixote makes it easy to use third-party Python packages, you can support any templating syntax you wish.
也可以使用其他的模板语法机制,它们都是通过python packages的形式被应用到python程序中的。Python目前已经支持了多种语法机制。因为Quixote可以方便的添加第三方的Python packages,所以你可以自主选择它们。
Quixote's Advantages
Quixote的优点
Simplicity
简单
Quixote is not a large framework that tries to subsume every conceivable Web development task, instead striving for flexibility. Quixote handles the details of interfacing with the web server such as parsing form request variables and processing uploaded files, and provides mechanism through which new features such as session tracking can be implemented.
Quixote不是一个大的框架,并且也不试图包含在web开发中每一个可能遇到的任务,相反,Quixote努力做到足够的灵活。Quixote包含了一些同服务器底层借口相关的操作,例如从提交的表单中分解变量,处理上传文件,并且提供一些新的功能例如session tracking的底层实现。
This makes Quixote easy to learn for experienced Python programmers because their existing skills, acquired by writing Python programs and scripts, can also be applied to writing Web applications with Quixote. Novice programmers can also learn Quixote and once learned, their new-found skills can be applied to other Python programming tasks.
这使得Quixote非常适合于有经验的Python程序员学习,因为他们现有的有关于编写Python程序或者脚本的技能,同样适用于编写web应用程序。初学者一样可以学习使用Quixote,并且一旦掌握了Quixote,他们新学到的一些技巧将童谣适用于其他Python的编程任务。
(A series of Quixote tutorials can be found at http://www.quixote.ca/learn/.)
By staying within the main stream of Python design practice, Quixote makes it easy to use third-party modules in Quixote-based applications. External packages such as the Reportlab Toolkit(PDF file generation), ZODB (an object database), or mxODBC (access to relational databases) can be used from Quixote without difficulty.
作为主流的Python设计实践,在Quixote使用第三方的模块非常的方便。一些packages,诸如:
the Reportlab Toolkit: PDF文件生成
ZODB:一个面向对象的数据库
mxODBC: 关系型数据库
都可以在Python中使用。
Performance
性能
Quixote imposes very low overhead on each HTTP transaction, meaning that performance can be quite good even on inexpensive hardware. For example, one benchmark found that Quixote and SCGI can achieve 75 requests/second on a lowly Pentium 200! On a more current machine with an Athlon XP 1700+ processor, this combination has been measured at 425 requests/second.
Quixote 在处理HTTP交互中引起的额外代价非常小,这意味着Quixote在那些并非由昂贵的硬件搭建的服务器上的表现依然可以很好。例如:在一项基准测试中,运行在P2最低配置的机器上,Quixote同SCGI仍然可以达到75requests/second, 在Athlon XP 1700+ 处理器上,Quixote同SCGI的组合可以达到425requests/second
Security
安全
Quixote is relatively small, consisting of almost 7,000 lines of Python code. Only 2,500 lines of this contains the core publishing code; that's relatively small, making it possible to carefully read through the code and audit it for security vulnerabilities.
Quixote非常的小,只包含总共大约7000行Python代码。 其中只有2500行包含core publishing code,因为Quixote的源代码非常小,所以你尽可以通过认真阅读所有源程序,然后重新修改Quixote,以保证更好的安全性。
Quixote also requires the developer to explicitly specify which Python functions can be accessed from the web browser. This makes it unlikely that private functions will be accidentally made available.
Quixote 也需要开发者明确指出哪些Python函数可以被浏览器直接访问到,这样保证了私有函数不会暴露。
Quixote Availability
Quixote 的适用范围
Quixote runs on several Unix variants (Linux, FreeBSD, Apple MacOS X) and on Microsoft Windows.
Quixote 可以运行在Unix及其变种(Linux, FreeBSD, Apple MacOS X) 以及Windows平台。
A partial list of the HTTP servers supported by Quixote includes Apache (optionally using SCGI, mod_fastcgi, or CGI), Microsoft IIS, AOLServer, Medusa, and Twisted Python.
服务器支持包括
Apache(SCGI, mod_fastcgi, CGI)
IIS
AOLServer
Medusa
Twisted Python
可以通过Apache httpd 的mod_scgi模块或者使用lighttpd. 基于Quixote框架的应用将作为一个守护进程。当web server获得http请求的时候,它就会把请求转发给这个守护进程。SCGI可以独立于web server开始或者停止,这样做可以确保对于单独应用的更新不会影响到运行在同一web server上的其他网站。我们确信这种架构的性能最好(FastCGI 使用了一个类似的架构,但是FastCGI的协议更复杂,实现的难度更大)
 |
SCGI |
HTML Templating
HTML 模板机制
Quixote provides its own solution for HTML generation called Python Template Language (PTL). (Using PTL in Quixote applications is optional.)
Quixote 提供了生成HTML代码的解决方案:Python Template Language(PTL)(Quixote中使用PTL是可选的)
PTL applies Python's syntax to generating HTML. In a PTL template, expression results and literal strings are automatically assembled into a function's output. Here is an example PTL function:
PTL 使用Python的语法生成HTML. 在PTL中,expression 结果同字符串是自动加在一个函数的输出中的,这里是PTL的一个示例:
def format_row [html] (head, value):
"<tr valign=top align=left>\n"
" <th align=left>%s</th>\n" % head
" <td>%s</td>\n" % value
"</tr>\n"
The function is marked as being written in PTL by the [html] annotation in the function's definition. This function can be written and saved in a file whose name ends in ".ptl". Such ".ptl" files can then be imported using Python's import statement, and the template can be invoked just like a regular Python function. For example, you might code:
这个函数展示了html标记如何通过PTL以函数形式定义。并保存成后缀名为".ptl"的文件。".ptl"文件可以使用python的import语句import到python程序中,并且可以按照正常的python程序一样被调用。例如:
import util_templates
def output [html] (request):
...
"<table>"
for heading, value in data:
util_templates.format_row(heading, value)
"</table>"
PTL's HTML templating can automatically escape special characters such as '<' and '&' in strings originating from the client browser or from a database. Proper use of this feature can avoid a class of security vulnerability called "cross-site scripting attacks". In a cross-site scripting attack, a hostile user can insert arbitrary HTML in a web application's output that can link to other sites or contain harmful JavaScript code.
PTL HTML模板机制可以自动转义由客户端浏览器或者数据库提交的一些特殊的字符,例如:'<'或者'&'。合理的使用这个机制可以避免一种被称为"跨站脚本攻击" 的安全隐患。在跨站脚本攻击中,不良用户可以通过在web application输出中加入一些特定的HTML代码,使得自动跳转到其他的链接,或者包含了有害的javaScript代码。
Alternative templating syntaxes can also be used. Several different syntaxes have been implemented as Python packages; because Quixote makes it easy to use third-party Python packages, you can support any templating syntax you wish.
也可以使用其他的模板语法机制,它们都是通过python packages的形式被应用到python程序中的。Python目前已经支持了多种语法机制。因为Quixote可以方便的添加第三方的Python packages,所以你可以自主选择它们。
Quixote's Advantages
Quixote的优点
Simplicity
简单
Quixote is not a large framework that tries to subsume every conceivable Web development task, instead striving for flexibility. Quixote handles the details of interfacing with the web server such as parsing form request variables and processing uploaded files, and provides mechanism through which new features such as session tracking can be implemented.
Quixote不是一个大的框架,并且也不试图包含在web开发中每一个可能遇到的任务,相反,Quixote努力做到足够的灵活。Quixote包含了一些同服务器底层借口相关的操作,例如从提交的表单中分解变量,处理上传文件,并且提供一些新的功能例如session tracking的底层实现。
This makes Quixote easy to learn for experienced Python programmers because their existing skills, acquired by writing Python programs and scripts, can also be applied to writing Web applications with Quixote. Novice programmers can also learn Quixote and once learned, their new-found skills can be applied to other Python programming tasks.
这使得Quixote非常适合于有经验的Python程序员学习,因为他们现有的有关于编写Python程序或者脚本的技能,同样适用于编写web应用程序。初学者一样可以学习使用Quixote,并且一旦掌握了Quixote,他们新学到的一些技巧将童谣适用于其他Python的编程任务。
(A series of Quixote tutorials can be found at http://www.quixote.ca/learn/.)
By staying within the main stream of Python design practice, Quixote makes it easy to use third-party modules in Quixote-based applications. External packages such as the Reportlab Toolkit(PDF file generation), ZODB (an object database), or mxODBC (access to relational databases) can be used from Quixote without difficulty.
作为主流的Python设计实践,在Quixote使用第三方的模块非常的方便。一些packages,诸如:
the Reportlab Toolkit: PDF文件生成
ZODB:一个面向对象的数据库
mxODBC: 关系型数据库
都可以在Python中使用。
Performance
性能
Quixote imposes very low overhead on each HTTP transaction, meaning that performance can be quite good even on inexpensive hardware. For example, one benchmark found that Quixote and SCGI can achieve 75 requests/second on a lowly Pentium 200! On a more current machine with an Athlon XP 1700+ processor, this combination has been measured at 425 requests/second.
Quixote 在处理HTTP交互中引起的额外代价非常小,这意味着Quixote在那些并非由昂贵的硬件搭建的服务器上的表现依然可以很好。例如:在一项基准测试中,运行在P2最低配置的机器上,Quixote同SCGI仍然可以达到75requests/second, 在Athlon XP 1700+ 处理器上,Quixote同SCGI的组合可以达到425requests/second
Security
安全
Quixote is relatively small, consisting of almost 7,000 lines of Python code. Only 2,500 lines of this contains the core publishing code; that's relatively small, making it possible to carefully read through the code and audit it for security vulnerabilities.
Quixote非常的小,只包含总共大约7000行Python代码。 其中只有2500行包含core publishing code,因为Quixote的源代码非常小,所以你尽可以通过认真阅读所有源程序,然后重新修改Quixote,以保证更好的安全性。
Quixote also requires the developer to explicitly specify which Python functions can be accessed from the web browser. This makes it unlikely that private functions will be accidentally made available.
Quixote 也需要开发者明确指出哪些Python函数可以被浏览器直接访问到,这样保证了私有函数不会暴露。
Quixote Availability
Quixote 的适用范围
Quixote runs on several Unix variants (Linux, FreeBSD, Apple MacOS X) and on Microsoft Windows.
Quixote 可以运行在Unix及其变种(Linux, FreeBSD, Apple MacOS X) 以及Windows平台。
A partial list of the HTTP servers supported by Quixote includes Apache (optionally using SCGI, mod_fastcgi, or CGI), Microsoft IIS, AOLServer, Medusa, and Twisted Python.
服务器支持包括
Apache(SCGI, mod_fastcgi, CGI)
IIS
AOLServer
Medusa
Twisted Python
