[Twisted-Python] Is it necessary to utilize twisted.cred in twisted web?

Alex Clemesha clemesha at gmail.com
Tue Oct 6 00:19:18 EDT 2009


I'd love to provide a 'canonical answer' to this question, but unfortunately
it is something that I've been confused with in the past too.

I'm hoping there is a sort of 'best practice' answer to this, and I'd
additionally hope that this answer might appear in this extremely
good running series on Twisted Web:


On Mon, Oct 5, 2009 at 9:08 PM, biziap biziap <fetbiz at gmail.com> wrote:
> I have googled this topic and found and example in
> (A) http://www.mail-archive.com/twisted-web@twistedmatrix.com/msg01796.html
> well, another simpler example is
> (B) http://www.mail-archive.com/twisted-web@twistedmatrix.com/msg01788.html
> My questions are:
> 1. Does the approach in (A) be recommended? To generate resource
> dynamically seems not efficient and not necessary for simple scenario.
> Is there other way to bind twisted.cred and twisted.web together?
> (except the  deprecated twisted.web.guard)
> 2. The approach in (B) which suggests that request.getSession() along
> is quite enough to implement an simple authentication feature. Here
> the "simple scenario" means to guard some resource with username and
> password.
> To do it: In a protected resource, just to check for a flag in the
> session, if failure, then redirect to login page. If succeeded, render
> the resource. Why shall we bother the portal, credentials,
> checker,.... ?
> Any suggestion? Thanks in advance.
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Alex Clemesha

More information about the Twisted-Python mailing list