Hi, I have been developing in Pylons for about a year and a half, and since then I have always wished that we had our own built-in auth system like Django has (I know this will not happen). With every project I wrote my own auth system (because I do not like repoze: for simple projects it's overkill and for big projects you cannot modify it easily), so I was wondering if you could tell me where I should be careful about security holes.
At login POST (if successful) I put user_id in the session and then I secure every action with a decorator. That decorator checks if the user is signed in (if there is a user_id in the session) and if that user has permission for that action. Because of its simplicity I feel that it needs a bit of a security touch. If you look at repoze.who & what or any other auth lib there is a ton of code, so there has got to be a reason for that.

best
karantan
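As an added example (not from the original post, and not Pylons or repoze code), here is the pattern described above in plain Python with the checks a reviewer would look for: the session is rebuilt after a successful login, idle sessions expire, permissions are re-read from a store instead of being trusted from the session, and the default is deny. The user and permission tables, the static salt and the in-memory session dict are constructed stand-ins.

```python
import hashlib, secrets, time
from functools import wraps
# Constructed stand-ins for the user table and permission lookup
# (assumptions for this example, not Pylons or repoze code).
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100000)
_SALT = b"constructed-static-salt"   # real code: random salt per user
USERS = {"alice": {"id": 1, "pw": _hash("correct horse", _SALT)},
         "bob": {"id": 2, "pw": _hash("hunter2", _SALT)}}
PERMISSIONS = {1: {"view_report", "edit_report"}, 2: {"view_report"}}
SESSION_TTL = 15 * 60   # idle timeout in seconds
class Forbidden(Exception):
    pass

def login(session, username, password):
    """Check credentials, then rebuild the session so an id issued before
    login is never kept afterwards (closes session fixation)."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(user["pw"], _hash(password, _SALT)):
        return False
    session.clear()                               # drop all pre-login state
    session["sid"] = secrets.token_urlsafe(32)    # fresh id; send as HttpOnly+Secure cookie
    session["user_id"] = user["id"]
    session["last_seen"] = time.time()
    return True

def require(permission):
    """Deny unless the session holds a live, signed-in user whose current
    permissions (re-read from the store, not trusted from the session)
    include `permission`."""
    def decorator(action):
        @wraps(action)
        def wrapper(session, *args, **kwargs):
            user_id = session.get("user_id")
            if user_id is None:
                raise Forbidden("not signed in")
            if time.time() - session.get("last_seen", 0) > SESSION_TTL:
                session.clear()                   # stale session: force re-login
                raise Forbidden("session expired")
            if permission not in PERMISSIONS.get(user_id, set()):
                raise Forbidden("missing permission: " + permission)
            session["last_seen"] = time.time()    # sliding idle timeout
            return action(session, *args, **kwargs)
        return wrapper
    return decorator

@require("edit_report")
def edit_report(session, report_id):
    return "user %d edited report %d" % (session["user_id"], report_id)
```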
