[Twisted-Python] Is it necessary to utilize twisted.cred in twisted web?

Alex Clemesha clemesha at gmail.com
Tue Oct 6 00:19:18 EDT 2009


Hi,

I'd love to provide a 'canonical answer' to this question, but unfortunately
it is something that I've been confused with in the past too.

I'm hoping there is a sort of 'best practice' answer to this, and I'd
additionally hope that this answer might appear in this extremely
good running series on Twisted Web:
http://jcalderone.livejournal.com/tag/sixty+seconds


thanks,
Alex




On Mon, Oct 5, 2009 at 9:08 PM, biziap biziap <fetbiz at gmail.com> wrote:
> I have googled this topic and found and example in
> (A) http://www.mail-archive.com/twisted-web@twistedmatrix.com/msg01796.html
> well, another simpler example is
> (B) http://www.mail-archive.com/twisted-web@twistedmatrix.com/msg01788.html
>
> My questions are:
> 1. Does the approach in (A) be recommended? To generate resource
> dynamically seems not efficient and not necessary for simple scenario.
> Is there other way to bind twisted.cred and twisted.web together?
> (except the  deprecated twisted.web.guard)
>
> 2. The approach in (B) which suggests that request.getSession() along
> is quite enough to implement an simple authentication feature. Here
> the "simple scenario" means to guard some resource with username and
> password.
> To do it: In a protected resource, just to check for a flag in the
> session, if failure, then redirect to login page. If succeeded, render
> the resource. Why shall we bother the portal, credentials,
> checker,.... ?
>
> Any suggestion? Thanks in advance.
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>



-- 
Alex Clemesha
clemesha.org



More information about the Twisted-Python mailing list