Section 22.4. Summary


22.4. Summary

  • The TurboGears Identity module makes it easy to add authentication/authorization logic to your project.

  • You can modify the identity classes in model.py to add new features; however you shouldn't remove columns or you could break your identity code.

  • Identity provides mechanisms to restrict access to particular controller methods via the @require decorator.

  • You can use SecureResource to restrict access to an entire class (and therefore an entire web directory).

  • You can use Identity checks from within your Kid templates, to custom generate pages based on user permissions.

  • TurboGears makes escaping text that goes into your HTML the default, so you have to do a little bit of work to write code that could expose a cross site scripting attack.

  • TurboGears automatically escapes data that you are sending to your database, making SQL injection attacks that much harder

  • You can still write insecure applications with TurboGears if you bypass automatic escaping mechanisms or execute user data in any way. TurboGears isn't designed to prevent you from writing insecure code, but it is designed to make doing things the right way easier.




Rapid Web Applications with TurboGears(c) Using Python to Create Ajax-Powered Sites
Rapid Web Applications with TurboGears: Using Python to Create Ajax-Powered Sites
ISBN: 0132433885
EAN: 2147483647
Year: 2006
Pages: 202

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net