How well does Django's anti-spam system in the comments framework work? Have you used it? What percentage of comment-spam does it prevent roughly? Is there anything else you do to help prevent comment spam on sites using the Django comments framework?
There's a Python API to Askimet. It's what wordpress uses to stop spam (and it works pretty well).
By default Django only offers a honey pot field and a hash check for spam prevention. It stops a lot of spam but absolutely not all. I'd guess at maybe 50-70% or so. For a very small site I have with less than 50 unique visitors per day, that is all that is needed. For larger sites, you definitely need additional protection like Akismet.
Related
I'm writing a blog application. All the pages (lists of posts, detail of the post) are really static, I can predict when the must be update (for example when I write a new post or a comment is added). I could use #cache_page to cache entire views.
The only problem is that in every page I have some data collected from Twitter that I want to update every 5 minutes.
Django offers template caching, per-view caching and the low level cache framework. With the low level framework I can avoid calculating most of what must be displayed on the page (like caching Post queries, comments, tags...).
What is the best approach to my problem? How to aggressively cache almost everything for a view / template but a few parts?
I want to avoid using iframes.
Thanks
You can not exclude certain parts of a Django template for the cache not should this work in any other template engine I know of.
My advice would be to use JavaScript to asynchronously load you're ever changing content. It should be particularly easy with Twitter as the already offer a great API.
It that doesn't suit you, you can always use Django template caching, to cache only parts of your template.
One option might be to set up Varnish on the server. I'm not familiar with Varnish myself, but as I understand it you can use Edge Side Includes to cache only certain fragments of a page.
Obviously it may not suit your use case, but it sounds like a possibility.
I'm looking into having a blog/content section on my dynamic website. Is it sensible to use a static website generator like Hyde to generate the "static content part" of the website?
Advantages would be:
easy/simple for a few other people to submit articles
performance
using a similar stack as the rest of the website - in my case, using Hyde and the same syntax as django templates
I would use the flatpages app for this. With the flatpages app you can still put your content (blog posts) directly on the HTML but you'll have the advantage of templating (using you base site template or just a custom one for the blog). You'll also be able to keep track of how many pages there are on the admin panels. You can also "outsource" comments to something like Disqus and maintain a dinamyc feel.
Still I would really think about the reason why you're doing this. Getting a blog post from a db isn't a very performance shattering operation unless your server is overly strained as it is.
You'd be far from the first person to do this. It still very much feels to me like Ruby's Jekyll (of which Hyde is a Python 'port' of sorts) is a bit more ahead in this regard, but I also come from a Python / Django background and can understand the desire for some homogeneity.
Most examples I can think of are done with people using Jekyll, but this blog post covers one person's move from WordPress to Hyde that they seem quite happy with, and there's also this Hyde blog, both of which potentially have some useful advice for you. Disqus seems like the comment platform of choice, and you integrate it simply by embedding some JavaScript in your site, hence it's a beautiful solution for a static site.
Realistically I can't see "performance" as a major issue; I may be doing you an injustice here, but it generally seems like those with enough blog traffic to cause performance issues are in the state where they've got the cash to lob a caching layer / extra servers at it. For me, the advantage has been in the flexibility of hosting (pretty much anyone will host static HTML for you for very little) and 'security' (the only thing executing server-side will be the webserver).
I am writing a website using Django. I need to push the web site out as soon as possible. I don't need a lot of amazing things right now.
I am concern about the future development.
If I enable registration, which means I allow more contents to be writable. If I don't, then only the admins can publish the content. The website isn't exactly a CMS.
This is a big problem, as I will continue to add new features and rewriting codes (either by adapting third-party apps, or rewrites the app itself). So how would either path affects my database contents?
So the bottom line is, how do I ensure as the development continues, I can ensure the safety of my data?
I hope someone can offer a little insights on this matter.
Thank you very much. It's hard to describe my concern, really.
Whatever functionalities you will add after, if you add new fields, etc ... you can still migrate your data to the "new" database.
It becomes more complicated with relationships, because you might have integrity problems. Say you have a Comment model, and say you don't enable registration, so all users can comment on certain posts. If after, you decide to enable registration, and you decide that ALL the comments have to be associated with a user, then you will have problems migrating your data, because you'll have lots of comments for which you'll have to make up a user, or that you'll just have to drop. Of course, in that case there would be work-arounds, but it is just to illustrate some of the problems you might encounter later.
Personally, I try to have a good data-model, with only the minimum necessary fields (more fields will come after, with new functionalities). I especially try to avoid having to add new foreign keys in already existing models. For example, it is fine to add a new model later, with a foreign key to existing model, but the opposite is more complicated.
Finally, I am not sure about why you hesitate to enable registration. It is actually very very simple to do (you can for example use django-registration, and you would just have to write some urlconf, and some templates, and that's all ...)
Hope this helps !
if you are afraid of data migration, just use south...
I am using the built in comment system with Django but it has started to be spammed. Can anyone recommend anything I can use to stop this such as captcha for django etc. I'm looking for something that I can use along with the comment system rather than replacing it.
Thanks
Do you use all the fields of the built in comments-form? There is a honeypot-field to help prevent spam (see the docs). Would django-simple-captcha help?
see if this snippet can help you to use Akismet on you Django comments
Depending on the popularity of your site, I decreased my spam 100% by putting up a static captcha with no obstructions. If your site isn't hugely popular, spammers won't waste their time trying to crack your captcha. I mainly bring this up, because these days it seems like captchas are becoming harder and harder for humans to read consistently (might just be me, but the Google captcha usually takes at least two tries).
Suppose you are running a Django site, and have a legacy PHP forum to support and integrate into your site, since current Django forum solutions are not mature enough.
What is the best way to do this?
Currently I have a simple view, which renders a very simple template which extends my site's base template, and the content area has nothing but an <IFRAME> which holds the forum as its src. A small jQuery function is used to maximize the <IFRAME>'s height (once it finishes loading) so as to contain 100% of the forum content.
But all of this sounds pretty awkward. How would you go about this?
There are a few options. None are ideal (but mixing two platforms never is!)
Use iframes as you've suggested (bad as the address in the address bar is always that of the django page and if somebody copes a link off the forum, it will be the PHP forum, not the django holder)
Use iframes but instead of using the same src all the time, parse the URL and append the relative bit onto the src of the iframe. ie if django sees /forum/this-url, set the src to http://forum-address/this-url and make sure all your links target parent. This has the advantage of showing the correct link in the address bar at all times (rather than it always being /forum/). You'll need to hack your forum for this to work.
Proxy the content and inject it into the page properly. You'll need to pass cookies and it might get really messy but in most terms, this is a great way to integrate things because your links will always be correct. You'll need to butcher your forum theme to strip out everything outside and including the <body> tags.
Theme your forum in the same way as the Django site. This would give best performance but you might have issues if you use dynamic stuff in your django template. An option to get around this is by having the django template cache things to memcache and using php-memcache to pull them out into your forum template.
I have done both 3 and 4 in the past. I used 3 for a very simple form (so didn't have to deal with cookies and sessions as you will). I used 4 for integrating a FluxBB forum into a Wordpress install. Both PHP but it would be uber bloat to load FluxBB inside Wordpress. I cached the dynamic template things into memcache and pulled them out in the forum template.
For this, I would probably suggest going with #4. It's a pain in the arse having to maintain two themes but it's by far the fastest performing solution.
When I read the question summary I immediately thought that you would need some kind of script, which could be linked to a signal via the Dispatcher in Django, to syncronize the user database from your Django site to the forum. This would keep the authentication side of things in check - but you still need to do one of the things that Oli has suggested, to make them look the same.
Themeing will probably be the least hassle-free route, but that's not to say it will be easy!