Monthly Archives: July 2013

Getting Started with Python

I’ve been using Java for as long as I can remember (actually, I remember using C/C++ and even Turbo Pascal). This is because my work is largely a Java shop, but more and more of us are using whatever fits the job. Python seems to be gaining popularity here, so I decided to dive into it.

The Python tutorial here is helpful for getting started.

Here’s my first Python code, just to insert some rows into a MySQL database:

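import MySQLdb

if __name__ == '__main__':
	# Credentials are hardcoded for a local one-off script
	conn = MySQLdb.connect(host='localhost', user='root', passwd='inference', db='mracompanies')
	x = conn.cursor()
	for i in range(1, 2089):
		# Let the driver bind the value instead of formatting it into the SQL string
		x.execute("insert into table_for_michelle(id) values(%s)", (i,))
	# MySQLdb does not autocommit, so commit before closing or the rows are lost
	conn.commit()
	conn.close()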

Let’s go over the code a bit first. The import MySQLdb on line 1 just imports the MySQL library. MySQLdb is a wrapper around the native _mysql library that makes working with MySQL a bit easier.

The next line, if __name__ == '__main__', checks whether the file is being run as a script rather than imported as a module, so this is where the main code starts.

After that you have a bunch of MySQL-specific calls.

Of course, setting up the system to do this wasn’t cake (it never is). Installing Python was very straightforward. It was actually installing this MySQLdb module that was tough.
I used the command “sudo pip install mysql-python” to get the MySQLdb library. It’s not “sudo pip install MySQLdb” as I would have expected. Then it complained about not finding mysql_config, so I had to add the folder of that file to the $PATH. Then it complained about not finding libmysqlclient.18.dylib, so I had to soft link it to the /usr/lib folder.
Hopefully you don’t run into this, but both my coworker (who’s much more familiar with Python) and I did.

So far, my sense is that Python is great for quick-and-dirty implementations: experiments or run-once, throwaway code. The language is very flexible and makes writing code pretty fast (if you know the syntax), but I think it can also be dangerous because it’s not as readable, so I’d imagine it’s hard to maintain or hand off to someone else. I also hear performance is not up to par compared to Java. So I think I’ll do my experimentation in Python and production code in Java and see how that works out.


More Secure Passwords

Initially, I was using SHA1 hashes for passwords. But after reading some articles about password safes being stolen and what hackers can do to decrypt them, I decided to use a more secure password scheme. I decided to salt the passwords.
You can read more about them here.

Basically, a salted password is one where a string is prepended or appended to the password before being hashed. This string is the salt. You can use the same salt for all passwords, but it’s a little more secure to use a random salt for each password. So the random salt is added to the password, the result is hashed, and then the salt is appended to the hashed password (or kept elsewhere) so you can verify a password when it’s later entered.
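The salt, hash and store-the-salt scheme described above, next to the unsalted SHA-1 it replaces, as an added example that is not code from this post. It swaps in PBKDF2-HMAC-SHA256 from Python's standard library for the single hash pass; the function names, the salt$digest record format, the iteration count and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_sha1(password):
    """The 'before' scheme: equal passwords always give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' so the salt is stored with the hash."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Re-derive the digest with the stored salt; compare in constant time."""
    try:
        salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected)


def shared_hashes(records):
    """Count users whose stored value is identical to another user's."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)


if __name__ == "__main__":
    # Constructed sample: two of three users picked the same password.
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "tr0ub4dor"}
    before = {u: unsalted_sha1(p) for u, p in users.items()}
    after = {u: hash_password(p) for u, p in users.items()}
    print("users sharing an unsalted SHA-1:", shared_hashes(before))
    print("users sharing a salted record:", shared_hashes(after))
    print("bob verifies:", verify_password("hunter2", after["bob"]))
```

Passing the same salt to hash_password for every user brings the shared records back, which is why the per-password random salt is the stronger choice.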

Fortunately, you don’t have to do this all yourself.
The Apache authentication module will accept salted passwords, including MD5, as previously mentioned here.
All you have to do is salt and hash them and store them in the database. Apache will verify the passwords later. And there is a lot of open source code for salting and hashing your password using the MD5 approach. Here’s the one I used, called MD5Crypt.
