[Twisted-web] Session Based Security for PyAmf application

Manlio Perillo manlio_perillo at libero.it
Tue Aug 19 05:28:33 EDT 2008


Phil Mayers ha scritto:
> [...]
> 
> Something like Digest HTTP auth is the "safe" way to secure an HTTP 
> session - you can even (though I've not seen this commonly uses) re-use 
> the digest session ID as a server-side key into application session 
> storage.
> 

I'm doing this in my WSGI framework:
http://hg.mperillo.ath.cx/wsgix/file/tip/wsgix/auth/auth_digest.py

HTTP Digest Authentication really solves a lot a problems, it's very 
unfortunately that it's still poorly implemented in browsers.



Manlio Perillo




More information about the Twisted-web mailing list