Lecture 15 -- Meep layers; SSL; the Quixote framework

discussion of homework:

testing things like delete (twill tests)

common user expectations could have been better met...
  • creating account => logging in

next hw:

quick database overview
  • things to think about:

    when to add; when to update; when to save; whether to delete; how do you keep things in memory "clean"?

CRUD in bsddb
  • how to create, update, delete
CRUD in sqlite
  • how to create, update, delete

modifying meeplib for persistence:

  • should be possible to modify meeplib without modifying any of your Web code
  • multiple layers: presentation, content, data persistence:
    • positives: data hiding
    • negatives: multi-layer changes when adding stuff
  • try not to contaminate the interface "above" meeplib with persistence info

session workflow:

  • purpose of sessions (viz. Thursday)

  • brief workflow

  • create a new session for each login (don't reuse session IDs)

  • expiring session: removing the cookie is not enough (why would the browser need to listen to you? don't trust the browser!):

    • remove cookie from internal table
    • what happens when you get a cookie but it's not in your session table?
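
A sketch of the session table described above, added here as an example (it is not code from the lecture or from meeplib). The class name SessionTable, the cookie name "session" and the 30-minute lifetime are assumptions.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not from the lecture


class SessionTable:
    """Server-side session table: the cookie carries only an opaque ID."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._sessions = {}  # session ID -> (username, expiry timestamp)
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested

    def login(self, username, old_sid=None):
        # Never reuse an ID: invalidate whatever the browser presented
        # and mint a fresh, unguessable one for this login.
        self._sessions.pop(old_sid, None)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, self._clock() + self._ttl)
        return sid

    def lookup(self, sid):
        # A cookie that is not in the table (forged, logged out, or
        # expired) is treated as anonymous; it is never trusted.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expires = entry
        if self._clock() >= expires:
            del self._sessions[sid]
            return None
        return username

    def logout(self, sid):
        # The authoritative step is deleting the server-side entry.
        self._sessions.pop(sid, None)
        # Also ask the browser to drop the cookie; it may ignore this,
        # which is why the table entry has to go regardless.
        return "session=; Max-Age=0; Path=/; HttpOnly; Secure"
```

A replayed cookie after logout() fails lookup() because the decision is made from the table, not from what the browser sends.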

security: SSL

Frameworks:

Quixote:

One of many frameworks. Considered an "object publisher": you set up an object hierarchy mirroring your URL hierarchy and go from there.

Thursday:

Monday: