[Twisted-web] Finer-Grained Security System for Twisted Web/Nevow?

James Y Knight foom at fuhm.net
Sun Apr 19 15:57:21 EDT 2009


On Apr 19, 2009, at 5:40 AM, Jeff Rush wrote:
> 1) It is rather monolithic; you can't grant access to this page or  
> that one selectively, or perhaps add a security check into the URL  
> traversal steps to control access to a hierarchy of sub-pages.   
> Viewing the portal as the frontdoor of a site requiring  
> authentication, it makes it tricky to have some non-authenticating  
> pages for visitors to register or have their forgotten password  
> mailed to them.  [...]
>
> 2) Alternatively, one could dynamically generate a custom tree of  
> pages/resources within the realm object, returning a different tree  
> depending                           upon the identity/permissions of  
> the user.  [...]

I haven't done any development like this for a number of years, but  
when I was, I also found cred/portal/guard rather cumbersome.

Unfortunately I don't have anything actually useful to add to the  
discussion, but I feel your pain. :)

James



More information about the Twisted-web mailing list