[Twisted-web] Finer-Grained Security System for Twisted Web/Nevow?
James Y Knight
foom at fuhm.net
Sun Apr 19 15:57:21 EDT 2009
On Apr 19, 2009, at 5:40 AM, Jeff Rush wrote:
> 1) It is rather monolithic; you can't grant access to this page or
> that one selectively, or perhaps add a security check into the URL
> traversal steps to control access to a hierarchy of sub-pages.
> Viewing the portal as the frontdoor of a site requiring
> authentication, it makes it tricky to have some non-authenticating
> pages for visitors to register or have their forgotten password
> mailed to them. [...]
> 2) Alternatively, one could dynamically generate a custom tree of
> pages/resources within the realm object, returning a different tree
> depending upon the identity/permissions of
> the user. [...]
I haven't done any development like this for a number of years, but
when I was, I also found cred/portal/guard rather cumbersome.
Unfortunately I don't have anything actually useful to add to the
discussion, but I feel your pain. :)
More information about the Twisted-web