Hey all ---
I have been working on a HTTP digest authentication module for
web.py. Digest authentication isn’t used nearly as much as cookie
based authentication, but it has the advantage of never requiring the
password to be sent in plaintext. (It has disadvantages, like
inconsistent browser implementation and the difficulty of a graceful
logout, but I’ve done what I could to address those problems). It’s a
really good option for web services.
The basic idea is that you feed it a function that does a lookup in
your user table for the password hash, and then all you need to do is
add a decorator, like so:
def userPasswordHash(user, realm):
users = { 'falken' : digestauth.H('falken:wall:joshua'),
'joe bob': digestauth.H('joe bob:wall:password') }
return users[user]
# Create your decorator
auth = digestauth.auth(userPasswordHash, realm='wall')
Then, just use the decorator before the method you want to protect:
class write(object):
@auth
def POST(self):
# your code here...
The module is at http://www.autopond.com/digestauth.py
Sample code using the module is at http://www.autopond.com/authwall.py
These are temporary homes. If there is any interest in this I’ll put
it in a proper repository with more permanence. Please let me know
what you think.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
