utils Module

This file is part of the web2py Web Framework
Copyrighted by Massimo Di Pierro <mdipierro@cs.depaul.edu>

This file specifically includes utilities for security.

gluon.utils.AES_new(key, IV=None)[source]

Returns an AES cipher object and random IV if None specified

gluon.utils.compare(a, b)[source]

Compares two strings and not vulnerable to timing attacks

gluon.utils.fast_urandom16(urandom=[], locker=<_RLock owner=None count=0>)[source]

This is 4x faster than calling os.urandom(16) and prevents the “too many files open” issue with concurrent access to os.urandom()


Returns a hashlib digest algorithm from a string


Filter out non-IP and bad IP addresses from getaddrinfo


This function and the web2py_uuid follow from the following discussion: http://groups.google.com/group/web2py-developers/browse_thread/thread/7fd5789a7da3f09

At startup web2py compute a unique ID that identifies the machine by adding uuid.getnode() + int(time.time() * 1e3)

This is a 48-bit number. It converts the number into 16 8-bit tokens. It uses this value to initialize the entropy source (‘/dev/urandom’) and to seed random.

If os.random() is not supported, it falls back to using random and issues a warning.

gluon.utils.is_loopback_ip_address(ip=None, addrinfo=None)[source]

Determines whether the address appears to be a loopback address. This assumes that the IP is valid.



Better than a thousand words:

>>> is_valid_ip_address('127.0')
>>> is_valid_ip_address('')
>>> is_valid_ip_address('2001:660::1')

Generates a md5 hash with the given text

gluon.utils.pad(s, n=32, padchar=' ')[source]
gluon.utils.pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc=None)[source]
gluon.utils.secure_dumps(data, encryption_key, hash_key=None, compression_level=None)[source]
gluon.utils.secure_loads(data, encryption_key, hash_key=None, compression_level=None)[source]
gluon.utils.simple_hash(text, key='', salt='', digest_alg='md5')[source]

Generates hash with the given text using the specified digest hashing algorithm

gluon.utils.web2py_uuid(ctokens=(1225959721425506563, 612789730959886465))[source]

This function follows from the following discussion: http://groups.google.com/group/web2py-developers/browse_thread/thread/7fd5789a7da3f09

It works like uuid.uuid4 except that tries to use os.urandom() if possible and it XORs the output with the tokens uniquely associated with this machine.