Exploring Django and the Real-time Web


use gevent or else go with separate node/socket.io and maybe redis – but then how to deal with auth across both?

Exploring encryption / security in Django apps; dealing with PHI in web apps

cryptographic signing – perhaps to generate one-time url for results download

more encrypted fields:
but once encrypted, then cannot query or sort
so presumably use two stage system:
stage 1 – intake, more open access, collects data over https, encrypts into postgres, then transferred to stage 2 – only current data and only certain fields kept post transfer to stage 2
So if comprised, limited data exposed.
stage 2 – not encrypted, limited access
So quarantine and encryption doing the protection.
stage 2 could be encrypted, but then for client use all data would need to go to client and sorting / filtering happens in client.  seems just as secure overall to just limit access in stage 2.
How to manage transfer process?  Add a succession number to track which items have been transferred.  do transfers on cron schedule, or everytime new data comes in to stage 1.  need a policy for expiration at stage 1.
What about overall security model?
another slightly more sophisticated approach:

From Client-side Encryption to Secure Web Applications by
Emily Stark

Submitted to the Department of Electrical Engineering and Computer Science on April 24, 2013, in partial fulfillment of the
requirements for the degree of
Master of Science in Computer Science and Engineering


This thesis presents an approach for designing secure web applications that use client-side encryption to keep user data private in the face of arbitrary web server compromises, as well as a set of tools, called CryptFrame, that makes it easier to build such applications. Crypt- Frame allows developers to encrypt and decrypt confidential data in the user’s browser. To ensure an adversary cannot gain access to the decryption keys or plaintext data, CryptFrame provides a browser extension that stores the keys and allows only sensitive regions in the web page to access them. CryptFrame performs templatized verification of sensitive regions to grant small amounts of trusted client-side code access to plaintext data in the browser. Finally, CryptFrame provides a principalgraph to help users safely change permissions on shared data in the presence of active adversaries. We use CryptFrameto modify several existing Django-based applications, requiring few source code modifications and incurring moderate performance overhead.

Thesis Supervisor: Nickolai Zeldovich Title: Associate Professor


Towards Getting Drupal’s WebForms Functionality in Angular JS

Drupal Webforms (https://drupal.org/project/webform) lets power users create their own forms through a web interface, choosing the types, labels, number, etc. of fields they want.  It then can present the form to final end users to fill out, and collects the data in the database.  Admins can then view the results tabularized online or download as CSV.

I want to see the same available for a Angular / Django stack.

Already someone has form generation from simple json descriptions – this being a tool to make form code faster to write for developers:
Someone else has started on form creation by users:  this app allows users to spec out their forms and then it generates most of the angular code for the form:
By most, I think it does not yet handle saving the form to your server database.
Which makes sense as that would vary by backend.
Perhaps even better, another similar effort but with drag and drop to build bootstrap forms:
Either of these would be excellent open source projects to contribute to if any student devs are looking for cool stuff to do in their free time.
Drupal Webform has one maybe “fault” – it saves results from one form submission all together in the database as one results field – as a long string of concatenated key/value pairs.  Probably this is ok, maybe even best approach – you could still make the admin table of results sortable and filterable by just doing that fully on the client side.
So to get to Webforms, above needs to extended – add autogeneration to include code to send json of results to django database via restangular and django rest frameworks api/deserializer and then front end admin interface so that admins can have a tabular view of all submissions and then an option to download those submissions as CSV.  So for the admin view you would just throw them into an ng-grid (http://angular-ui.github.io/ng-grid/) or better yet it would be nice to try ng-table http://bazalt-cms.com/ng-table/ which has download as CSV already built in.

The Zen of Python is always good to review

>>> import this
The Zen of Python, by Tim Peters

Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren’t special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one– and preferably only one –obvious way to do it.
Although that way may not be obvious at first unless you’re Dutch.
Now is better than never.
Although never is often better than *right* now.
If the implementation is hard to explain, it’s a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea — let’s do more of those!

Angular JS tree view / drag n drop status

hmm, so treeview situation with Angular vastly improved.

first, not angular, but tempting because it already works well with remote data json src, and has drag and drop even between treeviews – which I was hunting for to see if already done by someone:
hmmm, would prefer angular of course, before there was only this:
https://github.com/eu81273/angular.treeview  which I have used and it is ok given nothing else already plug and play out there…
but just now I found this:
hubba hubba…
and it has between trees drag and drop! try it out  –>  http://jimliu.github.io/angular-ui-tree/trees.html
%d bloggers like this: