A Piece of CherryPy for CGI Programmers

An anonymous reader writes "IBM developerWorks is running an article outlining the strengths and offering some helpful advice on the Python framework 'CherryPy'. CherryPy uses the same concepts as CGI to bind a web server to a web application, but it improves performance and gains persistence across requests by handling all its requests within a single process."

Give me a reason to use this

[wilsoniya]

I'm not a py programmer at all, but seeing as numerous single-process dynamic web platforms exist (PHP, JSP/Servlets), whats w/ all the hype? Maybe ppl are just happy to be able to use python for web apps?

-m

Re:Give me a reason to use this

[Poromenos1]

Probably... Personally I love Python, and one of the things I love is that it's still being developed. You can actually suggest something and see it implemented in the language. You can probably do that in many more, but all the others I know have been standardised. Plus it has all the other great stuff which makes it my first choice for anything.

Re:Give me a reason to use this

[Nasarius]

There are already efficient ways of using Python for web apps. FastCGI and mod_python, for example. I'd like to see benchmarks for this new one.

People are looking at this the wrong way

[sean23007]

I think people are looking at this the wrong way. I see a lot of posts saying "who cares? ASP is already like that!" or "You're supposed to have it in a single process anyway!"

What makes this cooler is that Python functions are exposed in the URL. Read through that IBM tutorial. It's fairly interesting. Put a function called hello() in your CherryPy application, and the return value of that function is displayed in your web browser when you visit http://address/hello [address]

I don't know about you, but I think that's pretty cool. You could definitely do some interesting stuff with this, and I can see it saving a lot of time in the code-writing phase. And once you get your head wrapped around that concept pretty well, the design phase would probably get a lot shorter too. (Not to mention how much easier it would then become to add new features to the application.)

This is interesting for two reasons: Python frameworks are now catching up to things like ASP and PHP, but are doing some crucial things differently that might make it much easier/more powerful. I might start using this instead of PHP for small web apps that just need to talk to a database, and see how it goes from there.

Cool!

[smoondog]

Python is a great language, but my worry is about security. I would think that given the previously mentioned cool features, this app would have more security worries than your average all-in-the-same-process cgi extenders.

Its all in the marketing ....

[Anonymous Coward]

CherryPy implements some useful ideas, but no more so than various other Python frameworks available out there. There are after all only so many ways of mapping URLs into a Python based framework, and there are currently a lot of Python based web frameworks, thus a lot of duplication.

It is sad to say, but at the moment the war as to which is perceived as being the better Python framework for web applications is being won more on the marketing side than on the particular technical merits and quality of implementation.

There are some people out there who are developing some really quite interesting stuff based on inovative ideas and who are producing good quality code as well, but in many cases, although they may result in a better experience as far as developing a web application, because they don't have the associated marketing that some projects have, they get passed over and the projects never get developed that extra step to turn them into something awesome.

The ultimate in hype for Python web frameworks of late has been Django. It has been getting a huge amount of mind share by comparing itself to Ruby on Rails. The last time I looked they still hadn't actually made an official release.

In summary, if you want to build a successful Open Source project, don't start by writing code, do what any commercial business does and ratchet up the hype through marketing and promise the world. Do that and you will be almost certain to get lots of people to help you with the code once you do start. :-) :-) :-)

" All it does is..."

[LionKimbro]

It says "All it does is connect the Web server to your Python code with as little fuss as possible. It doesn't make decisions about what other tools to use, ..."

And then in the very next paragraph, it says: "Instead of relying on Apache or another Web server, CherryPy runs its own small Python-based Web server."

No, no, no!

I love CherryPy as a way of routing requests to Python objects and functions. Rock on!

But look, I'm running like 20 wiki [taoriver.net] and 5 custom web apps and a few WordPress [wordpress.org] installations on my server. [taoriver.net]

And they are all plugged into Apache.

So, actually, in fact, CherryPy has now made some decisions about what tools I'm supposed to use.

Sure, I can forward requests from Apache to the CherryPy server, but that is yet another hassle, it is yet another thing to support and maintain and think about.

I wish instead that the CherryPy dev's had made it so there were multiple adapters to the CherryPy system.

All that said:

CherryPy is my favorite system for doing web apps in Python. I've used it, I've loved it, it's great. It does make programming WebApps "fun," which is perverse. So, it's succeeded.

But I strongly dislike how I have to do this funny Apache business to get it to run on port 80, or I have to give people weird 8080 addresses, like you saw in the article.

Another thing I dislike, is that it's kind of tricky to get it to do XML-RPC, in my experience. (Then again, that was 3 months ago. Perhaps things have changed now.)

(I just use AutoXmlRpcServer [python.org] or AutoXmlRpcCgi [python.org] for when it's XML-RPC alone, without a web side along with it.)

But again: CherryPy is my favorite, when there is no XML-RPC aspect, and when I don't mind the weird config stuff I have to do to get it to cooperate with Apache.

People are looking at this the wrong way

[darekana]

Actually I think CherryPy and Zope have been around a while before Ruby on Rails. And speed wise Python kicks Ruby's ass [debian.org] for now.

And actually I don't know of any java frameworks that don't require tons o' xml flinging to get up and running. Please feel free to enlighten me.

Re:You mean...

[jma05]

CherryPy is nothing like ASP, ASP.NET. The script you write is EVERYTHING. You don't need a web server like you do in ASP/ASP.NET. It is the web server with your code in it. I have been using CherryPy for a while. What is nice about it is that for simple things, it justs steps out of the way. There is very little framework code in my apps and they just feel like console programs.

django! (/. missed the hype train)

[brendano]

The big thing in python web programming right now is the introduction of Django [djangoproject.com], a mature RAD framework that shares lots of features with Rails. It's got a lot going for it; it'll be interesting to see how things turn out.

I find CherryPy's URL traversal scheme a bit clunky -- since you connect up objects to each other via attributes, you can't see the hierarchy of your site. At least with PHP you can use "ls" to discover what your URL space looks like. Django uses a really neat scheme that binds a table of named regular expressions to callable handlers, e.g.

(r'^polls/(?P<poll_id>\d+)/$', 'myproject.apps.polls.views.polls.detail')

and the handler is declared as

def detail(request, poll_id)
...

...so that requesting /polls/13/ maps to calling detail(request, 13). Here's more about it... [djangoproject.com]

Re:Umm..

[dotgain]

Sure, FastCGI is great, I agree. But, even after all these years "Fast" and "Python" still aren't allowed to be used in the same sentence, hence CherryPy. Mark me Troll, that's fine, but please tell me: Am I the only one that thinks CGI in python is insane because it's the all round slowest-to-run programming language about? Sure it's nice to write and easier to read than most, but for any program you end up running 100 times more often than you write it, choose somthing else.

Can anybody show me that Python is a realistic contender for CGI - or for that matter - any programming? I used to subject myself to a Linux distribution called Gentoo [gentoo.org] whose package mismanagement system, Portage, is mostly if not entirely done in Python. I found that for compiles of many small packages, we spent about as many CPU seconds on 'emerge' itself than we did building. Running 'emerge' on something old and spluttery like a sparc32 is just not the done thing. You've got probably 30 seconds before you've got any indication that the program has validated your input and started processing at which point you find something else to do.

Re:Wow, dude. Chill.

[LionKimbro]

It's not just the 2 or 3 lines in the Apache server.

It's:

• The 2 or 3 lines in the Apache server.
• Learning where in the Apache documentation those 2 or 3 lines are, and familiarizing myself with them.
• Debugging those 2 or 3 lines, fiddling with Apache a bunch.
• Figuring out the details of where the CherryPy server is going to run, with what priviledges, with what permissions on what directories.
• Figuring out how to configure the CherryPy server.
• Figuring out how to make the CherryPy server automatically start when the computer boots up.
• Making the changes so that it autostarts when the computer boots.
• And then testing that it autostarts when the computer reboots, by actually rebooting it.

I just plain don't like any of that stuff. None of it.

I'm not a sysadmin; I'm lucky to have cobbled together my 20 wiki, 5 custom web apps, and a few WordPress installs. I dread upgrading my Wordpress blogs, one of which isn't even working right now, and has been custom hacked. Something about not being able to connect with the MySQL db for some reason, I don't know. I don't even care at this point. I dislike diddling with stuff.

Gimme as few pieces as possible. Don't make me think about security, don't make me make things automatically start at boot time, plug into my existing framework, yadda yadda yadda.

Gimme gimme gimmy!

Re:You mean...

[Anonymous Coward]

The problem is, that every python web framework insists on creating it's own webserver, by which they mean call http.create which instantiates a very simple text processing daemon built into the language using simple sockets, which are also built into the language.

Re:Cool!

[hoka]

What I've encounted with Python is the overwhelming lack of crypto, not necessarily a lack of "security" (I use that term loosely here). What stems from the lack of good default crypto is a sense of a lack of security. For example, the Python SSL implementation has no certificate verification, which is a huge problem for anybody who wants to do any client work. There is also a complete lack of support in most libs for servers (https server? secure xmlrpc server?). This means that you can only half-ass the client side, and the server side is non-existant. While I havn't looked at the framework, I'm hoping that they implemented extra features into the system that makes it a bit better of a choice for security reasons. Right now I'm having a hell of a time trying to get some basic solid crypto security going over xmlrpc.

Plodding Python?

[crucini]

I don't know much about Python, but I doubt that emerge's slowness comes from Python. It's probably doing a linear scan of something that should be indexed more intelligently. Or maybe it's opening a huge number of files.

A similar thing applies to web apps - a slow web app is usually due to high-level design errors, not a slow scripting language. A lot of web apps spend most of their time in database calls. When an app is blocked on I/O, it's just as fast in Python as in C, much like a Porsche stuck next to a Yugo in traffic.

Perl is not exactly a speed champ compared to C, but many snappy web pages run on Perl because the amount of computation involved in sending the web page is relatively small. Is Python substantially slower than other scripting languages?

Re:People are looking at this the wrong way

[stuntpope]

I love all this "x has that already" talk when CherryPy has been around for years before some of the x's.

Re:django! (/. missed the hype train)

[Ian Bicking]

If we're talking about URL management, an interesting Python project is a port of Rails' Routes [groovie.org]. This is notable in particular because it is reversable -- you can both unpack a URL to a controller and set of arguments, and pack a controller and set of arguments back into a URL.

It's a very new project, so I don't think it's been used in any Python framework yet. But it would probably be applicable to quite a few of them (perhaps including CherryPy).

Re:Cool!

[Anonymous Coward]

My solution currently is server-side only (SecureXMLRPCServer) which comes as an example with PyOpenSSL, I hacked on it a bunch so that it supports things a bit better, but its a nice base to get a secure server going. Right now I'm trying to rewrite a SecureTransport that is better than the SafeTransport included in the base xmlrpclib. If you need something quick, Twisted has a out-of-the-box ready Transport that uses their library, and hook that up with the pyopenssl (or just write one of your own) server and you can just dial in verification callbacks as you see fit.