Saturday, October 27, 2007

Hey look, a simple web server

I think I'm done writing my web server. I have gotten it to do what I want, namely this. This server will:
  1. Run just about anywhere. I sometimes run it off of a USB pen drive.
  2. Send all traffic over an HTTPS connection.
  3. Handle user authentication and permissions. You can only read and write where you have permissions.
  4. Allow you to store data in a remote location. Just POST to a URL to store something at that location, GET to retrieve it.
There really wasn't much to it. I was able to write this quickly and there wasn't that much code. The main thing it is lacking (in my opinion) is speed. This could be fixed by making it multithreaded and adding some caching since right now it always reads from the disk. Without further ado, here's the code. I also wrote a Python client and a JavaScript client to go with it will be coming soon. If you found this to be useful, please let me know.

I've also been looking at CherryPy as a framework to create the same type of portable, simple, and secure web server. As usual, stay tuned for details.

Wednesday, October 24, 2007

Varieties in Code Design

One of the interesting things about writing software is the myriad of ways to express what it is that you would like the computer to do. When designing a class, function, or something else, you can make the syntax looks just about any way you like. The real interesting bit, is when multiple people need to work on a large project together. Everyone needs to be able to understand the code, so it's probably a good idea if you agree on code conventions beforehand. All of the below would do equally well, but which is most clear?

x = a + 5;
x = a.plus(5);
x = 5.plus(a); (You could do this in Ruby/)
x = plus(a, 5);
plus(a, 5, x);
a.plus(5, x);
set(x, plus(5, x)); (This looks a bit like Lisp.)

The list goes on and on.

Tune in next time for simple Python web-server fun.

Thursday, October 18, 2007

Design for the simple secure storage server

In my last post, I mentioned my motivation for writing this server and pointed to the foundation I'm building on. Now it's time for more detail.

This server may not be supper fast (single thread execution) and it may not be super secure (user data stored in plaintext on the server) but it will be super easy to set up.

Allow me to clarify the security point in the above summary. In the initial version of this server, all traffic will be sent over an SSL connection (HTTPS) and users will authenticate with the server using Basic Auth. In Basic Auth, the users password is sent to the server in plaintext. There are better authentication schemes out there, but for this version of the server, I'm going for quick and simple. Basic Auth is just barely acceptable for this project because the connection is secure, but the server will likely store these passwords in plaintext as well (for now) so server disk security may be the weak link. With that said, the idea for this server is to provide a simple and portable back-end for my AJAX applications.

Thursday, October 11, 2007

A simple HTTPS server

Recently, I've been working on an AJAX application in my spare time and there's something I could really use: a simple network data store.

A JavaScript application isn't very useful without some persistent data. However this usually requires running a web server. My original idea was to distribute the application as a file which is loaded from the local disk. At this point you may be saying, "Wait a minute JavaScript running in a browser can't access the local disk." But scripts can read and write to the local disk if they are loaded from disk instead of the Internet. See TiddlyWiki for a great example of a useful application that uses this design. The problem though, is what happens when you want to sync the data from the AJAX application across multiple computers. Well, once again, it looks like I need a web server after all.

So I set out to build a simple server. All it really needs to do is allow applications to store and retrieve data. To make sure that the data remains a secret, the traffic will be sent over an HTTPS connection. Access to certain directories and files on the server will be granted only to select users, so usernames and passwords are required too. Since I've been working with Python recently, I tried to see if it was possible to create a simple HTTPS server which could handle GET and POST requests and perform dynamic behavior. I found a great example on activestate.com which uses an open SSL .pem file. The instructions in the article made setting up this server a breeze. I've been working on a customized version of the above example, but it isn't quite ready. As usual, stay tuned :)