Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
#278 Multi-tenant Python applications
Watch the live stream:
Watch on YouTubeAbout the show
Sponsored by: Microsoft for Startups Founders Hub.
Special guest: Vuyisile Ndlovu
Brian #1: dunk - a prettier git diff
- Darren Burns
- Uses Rich
- “⚠️ This project is very early stages” - whatever, I like it.
- Recommendation is to use less as a pager for it
git diff | dunk | less -R
Michael #2: Is your Python code vulnerable to log injection?
- via Adam Parkin
- Let’s just appreciate log4jmemes.com for a moment
- Ok, now we can talk about Python
- We can freak our the logging with line injection
"hello'.\nINFO:__main__:user 'alice' commented: 'I like pineapple pizza"
Results in two lines for one statement
INFO:__main__:user 'bob' commented: 'hello'.
INFO:__main__:user 'alice' commented: 'I like pineapple pizza'.
- The safest solution is to simply not log untrusted text. If you need to store it for an audit trail, use a database.
- Alternatively, structured logging can prevent newline-based attacks.
- Padding a ton? One such case is abusing padding syntax. Consider this message:
*"%(user)999999999s"*
- This will pad the
user
with almost a gigabyte of whitespace. - Mitigation: To eliminate these risks, you should always let logging handle string formatting.
- See this discussion: Safer logging methods for f-strings and new-style formatting
Vuyisile #3: Building multi tenant applications with Django
- Free book by Agiliq, covers different approaches to building Software as a service applications in Python/Django.
- Covers four approaches to multi tenancy, namely:
- Shared database with shared schema
- Shared database with isolated schema
- Isolated database with a shared app server
- Completely isolated tenants using Docker
Brian #4: Should you pre-allocate lists in Python?
- Redowan Delowar
- Discussion of 3 ways to build up a list
- Start empty and append:
l=[]; l.append(1); …
- Pre-allocate:
l = [None] * 10_000; …
- List comprehension:
l = [i for i in range(10_000)]
- Start empty and append:
- Interesting discussion and results
- The times (filling the list with the index):
- append: 499 µs ± 1.23 µs
- pre-allocate: 321 µs ± 71.1
- comprehension: 225 µs ± 711
- Python lists dynamically allocate extra memory when they run out, and it’s pretty fast at doing this.
- Pre-allocation can save a little time.
- Conclusion: use comprehensions when you can, otherwise, don’t sweat it unless you really need to shave off as much time as possible
- The times (filling the list with the index):
- Of note: this was just measuring time, no discussion of memory usage.
Michael #5: mockaroo and tonic
- Do you need to generate fake data?
- Mockaroo let’s you generate realistic data based data types (car registrations, credit cards, dates, etc)
- Tonic takes your actual production data and reworks it into test data (possibly striping out PII)
Vuyisile #6:
- Brachiograph —the cheapest, simplest possible Python powered pen plotter by Daniele Procida
- Low tech Raspberry Pi project that can be built for < $50 using common household objects like a clothes peg ice cream stick
Extras
Brian:
Michael:
- ngrok has a detailed web explorer
Vuyisile:
- Thunder Client : VS Code extension, Lightweight client for testing REST APIs Postman alternative
Joke: Linux world in tatters
Related: Origin of the joke - Lapsus$ claims to leak 90% of Microsoft Bing's source code