Chapter 22. TurboGears Identity and Security


In This Chapter

  • 22.1 Basic Authentication/Authorization with Identity

  • 22.2 Validating User Access with Identity

  • 22.3 Avoiding Common Security Pitfalls

  • 22.4 Summary

There are two major parts to building a "secure" web application. First, you need to write the code that manages user authentication and authorization, so that only the right people are granted access. Second, you need to make sure you don't write application code that exposes you to potentially malicious behavior.

For the first set of issues, TurboGears provides the Identity framework, which handles user authentication for you and provides a user-friendly API for adding authorization logic to your application.
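To show what a declarative authorization API of this kind looks like in practice, here is an added illustration, not code from the book or from TurboGears itself. It models the same idiom that Identity exposes (a `require` decorator on a controller method, taking composable predicates such as "in this group" or "has this permission"), but everything below is self-contained Python with no TurboGears import; the names `require`, `in_group`, `has_permission`, `any_of`, `IdentityFailure` and the `AdminController` class are this example's own stand-ins. The point it demonstrates is that access is denied before any controller code runs, and that predicates compose so the rule lives next to the method it protects.

```python
# Added illustration of predicate-based, deny-by-default authorization in the
# spirit of TurboGears Identity's identity.require(...). Nothing here imports
# TurboGears; the names only mirror the shape of the real API (assumption).
from dataclasses import dataclass, field
from functools import wraps


@dataclass(frozen=True)
class User:
    """A constructed, authenticated principal (None stands for anonymous)."""
    name: str
    groups: frozenset = field(default_factory=frozenset)
    permissions: frozenset = field(default_factory=frozenset)


class IdentityFailure(Exception):
    """Raised when a predicate denies access. A web layer would turn this into
    a redirect to the login page (anonymous) or a 403 (known but unauthorized)."""


# --- predicates: each returns a callable taking the current user -> bool ---
def not_anonymous():
    return lambda user: user is not None

def in_group(group):
    return lambda user: user is not None and group in user.groups

def has_permission(perm):
    return lambda user: user is not None and perm in user.permissions

def all_of(*preds):
    return lambda user: all(p(user) for p in preds)

def any_of(*preds):
    return lambda user: any(p(user) for p in preds)


def require(predicate):
    """Decorator in the spirit of identity.require: the wrapped controller method
    runs only if the predicate holds for the caller; otherwise IdentityFailure is
    raised and no controller code executes (deny by default)."""
    def decorator(method):
        @wraps(method)
        def wrapper(self, user, *args, **kwargs):
            if not predicate(user):
                who = "anonymous" if user is None else user.name
                raise IdentityFailure(f"{method.__name__}: access denied for {who}")
            return method(self, user, *args, **kwargs)
        return wrapper
    return decorator


class AdminController:
    """Constructed controller: each method carries its own access rule."""

    @require(not_anonymous())
    def dashboard(self, user):
        return f"dashboard for {user.name}"

    @require(in_group("admin"))
    def delete_user(self, user, target):
        return f"{user.name} deleted {target}"

    @require(any_of(in_group("admin"), has_permission("edit_articles")))
    def edit_article(self, user, article_id):
        return f"{user.name} edits article {article_id}"


def check_access(controller, method_name, user, *args):
    """Return (allowed, result_or_reason) so the decision is visible to callers."""
    try:
        return True, getattr(controller, method_name)(user, *args)
    except IdentityFailure as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample principals.
    admin = User("alice", frozenset({"admin"}))
    editor = User("bob", permissions=frozenset({"edit_articles"}))
    ctl = AdminController()
    print(check_access(ctl, "delete_user", admin, "mallory"))   # allowed
    print(check_access(ctl, "delete_user", editor, "mallory"))  # denied: not admin
    print(check_access(ctl, "edit_article", editor, 7))         # allowed via permission
    print(check_access(ctl, "dashboard", None))                 # denied: anonymous
```

The design choice worth noting is that the predicate is evaluated inside the decorator, so a forgotten check is a missing decorator that is visible in a code review, rather than a conditional buried somewhere in the method body.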

For the second set, TurboGears provides a number of "automatic" mechanisms to help you avoid cross-site scripting and SQL injection attacks. TurboGears is designed around the philosophy that it should feel easy and natural to do the right thing when it comes to writing secure code. Of course, that doesn't mean you can ignore the potential security problems you might face. In this chapter we'll go over the major types of vulnerabilities so you'll be able to avoid them.




Rapid Web Applications with TurboGears: Using Python to Create Ajax-Powered Sites
ISBN: 0132433885
Year: 2006
Pages: 202
