#pocoo

/

      • vrani joined the channel
      • __Yiota joined the channel
      • mssssm has quit
      • mssssm joined the channel
      • kersom has quit
      • kingarmadillo joined the channel
      • tachyondecay joined the channel
      • microdex has quit
      • kempo joined the channel
      • sh4nks has quit
      • Orochimarufan joined the channel
      • sh4nks joined the channel
      • microdex joined the channel
      • __Yiota joined the channel
      • microdex joined the channel
      • GrayArea has quit
      • Phah12 joined the channel
      • jkilpatr joined the channel
      • Phah11 has quit
      • Troy1 joined the channel
      • jkilpatr has quit
      • aajjbb has quit
      • nucleargrave joined the channel
      • sef joined the channel
      • itdependsnetwork has quit
      • lordkryss has quit
      • tachyondecay has quit
      • itdependsnetwork joined the channel
      • aajjbb joined the channel
      • eseifert has quit
      • eseifert joined the channel
      • lexicall joined the channel
      • QualityAddict has quit
      • charlietheredd joined the channel
      • charlietheredd has quit
      • itdependsnetwork has quit
      • aajjbb has quit
      • xieyuheng joined the channel
      • lexicall has quit
      • kempo has quit
      • ArchDebian joined the channel
      • xieyuheng has quit
      • Jugurtha joined the channel
      • kolobyte has quit
      • kolobyte joined the channel
      • ArchDebian has quit
      • mo``` joined the channel
      • kingarmadillo joined the channel
      • mo`` has quit
      • yardenbar joined the channel
      • yardenbar has quit
      • charlietheredd joined the channel
      • indistylo joined the channel
      • charlietheredd has quit
      • nucleargrave has quit
      • kingarmadillo joined the channel
      • senaps joined the channel
      • ptrdvds joined the channel
      • yardenbar joined the channel
      • abhishekg5 joined the channel
      • OpenCode joined the channel
      • Orbitrix joined the channel
      • senaps has quit
      • microdex joined the channel
      • El_Rolando joined the channel
      • Pyrus joined the channel
      • tino097 joined the channel
      • tourdownunder has quit
      • emk joined the channel
      • [diablo] joined the channel
      • charlietheredd joined the channel
      • vrani has quit
      • xsteadfastx has quit
      • Jugurtha joined the channel
      • tourdownunder joined the channel
      • charlietheredd has quit
      • xsteadfastx joined the channel
      • elsanchez has quit
      • elsanchez joined the channel
      • GrayArea joined the channel
      • kingarmadillo joined the channel
      • sdiepend joined the channel
      • lcabrera joined the channel
      • yardenbar joined the channel
      • netroxen joined the channel
      • tino097 has quit
      • tino097 joined the channel
      • deepy
        Is there any easy to do return a response and then continue processing in the background? I have some things that should get insert into the DB but I also cannot delay the response longer than 3s and there's an API call happening in the middle which can be very slow :-(
      • metoo
        deepy: I would suggest to look into something like Celery
      • netroxen
        deepy, How would you show the response was successful..?
      • wooster has quit
      • wooster joined the channel
      • yardenbar joined the channel
      • abhishekg5 has quit
      • Ergo joined the channel
      • deepy
        response status 200
      • I just want to acknowledge receiving the request so that slack won't post it again
      • yardenbar has quit
      • wooster has quit
      • wooster joined the channel
      • ThiefMaster
        deepy: if you have a long-running task move it into a background process (e.g. a celery task)
      • that way you can return a response quickly if you have impatient clients
      • ub joined the channel
      • fmerges joined the channel
      • deepy
        It's not really a long-running task, it's just that the slack api call can make it last for almost 3.3s every once in a blue moon
      • But I guess I'll move to celery
      • cheers
      • Hmm, maybe there's a way to respond with an 'ok' and then edit that into the correct response from the celery task </noteToSelf>
      • yardenbar joined the channel
      • thodnev joined the channel
      • Out of curiosity, does that work well with my flask-sqlalchemy models?
      • thodnev
        Hi guys, need help. I'm obtaining json data, parsing and processing it outside of flask. What I need is to somehow limit `max_content_length` only on api route in flask. I've read how it's done in werkzeug, but flask heavily modifies its request class in a way I don't understand. Also the MAX_CONTENT_LENGTH config key is not an option as it is global
      • kempo joined the channel
      • ThiefMaster
        deepy: you cannot safely do stuff after returning a response
      • TheAdversary joined the channel
      • deepy
        I get that, but I'm only returning a response after I've added a result in the db, if handling that fails well that's no issues, I still got it in the db
      • indistylo joined the channel
      • johnf96 joined the channel
      • fluter joined the channel
      • maanil joined the channel
      • johnf96
        What do you all do to protect against brute-force attacks with flask? I can't seem to be able to find something like django-axes for flask.. but I'm still a flask newbie :)
      • ThiefMaster
        what kind of brute force? against passwords? there are some rate limiting extensions that can probably do it
      • johnf96
        yes, against passwords.
      • Do you mean rate limiting at the sever level or flask level?
      • ThiefMaster
        there are extensiosn for flask
      • Jugurtha1 joined the channel
      • but if your webserver or loadbalancer can rate-limit requests to a certain URL it's probably even better
      • however, brute forcing passwords over a network connection isn't very effective even without rate limits: if someone uses a large botnet they won't hit any rate limits anyway (and locking the user account will let anyone troll a user by getting him blocked on purpose)
      • if they use only a single machine, even with a decent network connection, they are more likely to DoS your site by sending a shitload of requests than being able to actually bruteforce a password
      • Bubo has quit
      • you should be using something like bcrypt anyway so checking passwords is kind of slow. let's assume 100ms. that's 10 passwords per second. let's assume 32 cores and the user spamming requests as fast as possible. so, 320 passwords per second. not very likely to bruteforce anything but the weakest passwords (which should not be allowed to be used anyway)
      • anyway, some not-too-low ratelimits are a good idea nonetheless
      • kingarmadillo joined the channel
      • johnf96
        Well, the flask site will be running on a server with quite a bit of bandwidth.. Is there something in flask where, after a certain number of failed logins from an IP, that IP will have a timeout?
      • ThiefMaster
        but please make sure they don't hit legit users who try a few of their passwords :) if you start throttling (maybe just showing a recaptcha, then giving more tries) after 10 or 20 failed attempts it's VERY unlikely that any legitimate user will hit it while still locking otu bots
      • johnf96
        yes using bcrypt :)
      • ThiefMaster
        flask doesn't even have "logins" so no, you'd have to check whatever extension you use for handling the logins
      • flask-security might have it, flask-login is lightweight and doesn't
      • johnf96
        I'm using flask-security, but unfortunetly doesn't have any features for brute-force protection
      • ThiefMaster
      • johnf96
        Yep, that issues been open since 2014
      • Ok, perhaps I'll just opt for re-captcha
      • ThiefMaster
        but please do that only after some failed logins ;)
      • even with the nice new one that just makes you tick a checkbox in most cases - it's annoying to do that for every login
      • johnf96
        Yes, it certainly is :)
      • maanil
        Hi, I am new to web frameworks, and I have an architectural question. Lets say that I have objects like posts, entries, comments, and locations in a forum-like system. I have stylized divs for each kind of object, and would like to display them. If I use jinja2 templates for each object. I will have a big tree of nested templates, for each entry and comment et cetera. Is this the correct way to do this? Or, shall I, say, code methods t
      • For example, for comments, I have a div box, shall I create a template for it and call it inside a a nest of templates, or write the method comment.encode_html() and inject the resultant code?
      • Or, anything else that I cannot think of?
      • kingarmadillo joined the channel