Chapter 22. TurboGears Identity and Security


In This Chapter

  • 22.1 Basic Authentication/Authorization with Identity 418

  • 22.2 Validating User Access with Identity 424

  • 22.3 Avoiding Common Security Pitfalls 426

  • 22.4 Summary 426

There are two major segments to creating a "secure" web application. You need to write code to manage user authentication and authorization to assure that you grant access only to the right people. Then you need to make sure that you don't write application code that opens you up to potentially malicious behavior.

For the first set of issues, TurboGears provides the Identity framework, which can handle user authentication for you, and provides a very user-friendly API for adding authorization logic into your application.

For the second set, TurboGears provides a number of "automatic" mechanisms to help you avoid cross-site scripting and SQL injection attacks. TurboGears is designed around the philosophy that it should feel easy and natural to do the right thing when it comes to writing secure code. Of course, that doesn't mean you can ignore the potential security problems you might face. In this chapter we'll go over the major types of vulnerabilities so you'll be able to avoid them.




Rapid Web Applications with TurboGears(c) Using Python to Create Ajax-Powered Sites
Rapid Web Applications with TurboGears: Using Python to Create Ajax-Powered Sites
ISBN: 0132433885
EAN: 2147483647
Year: 2006
Pages: 202

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net