TraceKnack FAQ

Is TraceKnack secure?

No no no! And nor should it be. The whole point of TraceKnack is to let you grub around in the messy guts of your application, the very places you don’t want untrusted users rummaging. Use TraceKnack on your private, development server only.

What frameworks are supported?

Right now, CherryPy, and TurboGears (which is built on top of CherryPy). There’s also a WSGI middleware wrapper that adds TraceKnack support to any WSGI stack that features a ‘persistent’ Python execution environment — ie one in which Python scripts remain loaded in memory. A setup such as running Apache + cgi-bin, with Python being called as a fresh script each time won’t work, as the exception information will be forgotten.

Apache with mod_python on the other hand, should be fine. It’s also easy to add specific TraceKnack support to any ‘persistent’ Python framework, if you need more customised support than the general WSGI wrapper.

Talking of forgetting exception information…

When an exception is passed into TraceKnack, it’s stored, so that the information is still available for subsequent requests — when you navigate around the call stack, or dig into structures. This can add up to quite a large chunk of data, so exceptions are cleared after a while. At the moment, this is 5 minutes after the last time you used it — the last time you refreshed the page, poked at a variable or browsed up or down the stack.

I’ve written an interface module for Framework X…

If Framework X is a publically-available framework, we’d like to offer your interface with TraceKnack (under the same license as the rest of the package). If you’re happy with that, please send it in…