dear Jonathan, I write here my setup: I have a frontend nginx server with SSL, on the backend pyramid. I use beaker session and "session.secure = true", this way I limit the cookies to HTTPS. If somebody try to use HTTP it will redirected to HTTPS and the a new session will generated if not exist. This way I am sure all the session are secure.
If you are looking for to encrypt just a part of your project, work with urls and maybe have a second pyramid running just for SSL as explained above. I hope to give you help with this, we can discuss further if you need. regards, f. On Sat, Mar 10, 2012 at 19:31, Jonathan Vanasco <[email protected]> wrote: > I'd like to limit certain operations to https , instead of http. > > The problem is that pyramid is often behind a front-end server , which > is handling the http and https connections, and oblivious to the > protocol. > > Does anyone have a good idea how to proceed ? The only thing I can > think of is to have the front-end environment set a request header > with a rotating secret. > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
