[Twisted-web] Session Based Security for PyAmf application
Shawn Church
shawn at schurchcomputers.com
Tue Aug 19 16:12:38 EDT 2008
For the present I will just use the default session
(t.w.s.Request.getSession()) to store the User data. When I have some time
I will take a closer look at the new t.w.guard stuff.
Thanks everyone for all of the help.
Shawn Church
On Tue, Aug 19, 2008 at 2:28 AM, Manlio Perillo <manlio_perillo at libero.it>w=
rote:
> Phil Mayers ha scritto:
>
>> [...]
>>
>> Something like Digest HTTP auth is the "safe" way to secure an HTTP
>> session - you can even (though I've not seen this commonly uses) re-use =
the
>> digest session ID as a server-side key into application session storage.
>>
>>
> I'm doing this in my WSGI framework:
> http://hg.mperillo.ath.cx/wsgix/file/tip/wsgix/auth/auth_digest.py
>
> HTTP Digest Authentication really solves a lot a problems, it's very
> unfortunately that it's still poorly implemented in browsers.
>
>
>
> Manlio Perillo
>
>
>
> _______________________________________________
> Twisted-web mailing list
> Twisted-web at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20080819/b7=
fb9815/attachment.htm
More information about the Twisted-web
mailing list