Pyramid Security

Introducing what the Pyramid security stack has.

    1. Pyramid Security
    2. Who are you? 村岡友介 MURAOKA Yusuke (@jbking), self-employed contractor; pylons-ja, pypy-ja, django-ja
    3. Agenda: Security, Basics, Authentication, Authorization, Advanced
    4. Before we dive in... http://bit.ly/PyramidSecurity-
    5. What about security? There are tons of topics we could discuss; they can be categorized into layers. Today we focus on the "framework" layer.
       - application: csrf, injections, xss, identifier
       - framework: authn, authz
       - infrastructure: poisoning, sniffing, ddos
       - social: shoulder hack
    6. No Security Pyramid (a small starting project):
       development.ini
       production.ini
       proj/templates/mytemplate.pt
       proj/models.py
       proj/views.py
       proj/scripts
       proj/scripts/initializedb.py
       proj/scripts/__init__.py
       proj/__init__.py
       proj/tests.py
    7. No Security Pyramid, annotated:
       development.ini, production.ini -> Configuration
       proj/models.py, proj/views.py -> the M and V of MVC
       proj/__init__.py -> makes the WSGI app
    8. Security
    9. Basics. Authentication is like /etc/passwd. Authorization is like `ls -l .`, which shows `-rw-r--r-- 1 yusuke staff`.
    10. Basics
    11. Basics
    12. Easy enough?
    13. How to Enable Security

           # in bootstrap
           authentication_policy = AnAuthenticationPolicy()
           authorization_policy = AnAuthorizationPolicy()
           config = Configurator(settings=settings)
           config.set_authentication_policy(authentication_policy)
           config.set_authorization_policy(authorization_policy)

           # in views
           @view_config(permission='...', ...)
           def logout(request):
               headers = forget(request)
               ...

    14. Authentication in Usage
           authenticated_userid(request)
           unauthenticated_userid(request)
           effective_principals(request)
           forget(request)
           remember(request, principal, **kw)
    15. Authentication in Usage, annotated: forget() and remember() return response headers.
    16. Authentication Policy interface: IAuthenticationPolicy
           authenticated_userid(request)
           unauthenticated_userid(request)
           effective_principals(request)
           remember(request, principal, **kw)
           forget(request)
    17. Authentication Policy interface, annotated: effective_principals() returns principals; remember() and forget() return response headers.
    18. Bundled Authentication Policies: AuthTktAuthenticationPolicy, RemoteUserAuthenticationPolicy, RepozeWho1AuthenticationPolicy
    19. Authorization in Usage
           has_permission(permission, context, request)
           principals_allowed_by_permission(context, permission)
           view_execution_permitted(context, permission, name='')
    20. Authorization in Usage, annotated: has_permission() checks a permission.
    21. Authorization Policy interface: IAuthorizationPolicy
           principals_allowed_by_permission(context, permission)
           permits(context, principals, permission)
    22. Authorization Policy interface, annotated: permits() checks a permission.
    23. Bundled Authorization Policy: ACLAuthorizationPolicy
    24. Any question?
    25. Advanced
    26. Security Pyramid:
       development.ini
       production.ini
       proj/templates/mytemplate.pt
       proj/models.py
       proj/views.py
       proj/resources.py
       proj/authentication.py
       proj/authorization.py
       ...
    27. Security Pyramid, annotated:
       proj/resources.py -> find the resource
       proj/authentication.py, proj/authorization.py -> custom security
    28. Typical Stack

           # in bootstrap
           authentication_policy = CustomAuthTktAuthenticationPolicy(seekrit)
           authorization_policy = ACLAuthorizationPolicy()
           config.add_route(..., ..., factory=resources.find_object)

           # in resources
           def find_object(request):
               obj = ...
               # every object handed to the ACL policy must carry an __acl__
               assert getattr(obj, '__acl__', None) is not None
               return obj

           # in models
           class Model:
               __acl__ = [(Allow, Authenticated, 'view')]

    29. Always Tom Authentication

           class AlwaysTomPolicy(CallbackAuthenticationPolicy):
               def unauthenticated_userid(self, request):
                   return 'tom'

               def remember(self, request, principal, **kw):
                   return []

               def forget(self, request):
                   return []

    30. LDAP? Other authn? `pip search repoze.who`
    31. Any question again?
    32. Thanks :)
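To make slides 21-22, 28 and 29 concrete, here is an added example (not from the slides and not Pyramid's own code) that re-implements in plain Python the two pieces the typical stack relies on: the principal expansion a CallbackAuthenticationPolicy does around the slide 29 AlwaysTomPolicy, and the ACL walk that ACLAuthorizationPolicy's permits() performs over a resource's __parent__ lineage. The Resource class, the callback, the ACLs and the request object are constructed sample data; Allow/Deny/Everyone/Authenticated mirror Pyramid's names but are defined locally so the block runs without pyramid installed.

```python
# Stand-alone re-implementation for illustration; not Pyramid's code.
Allow, Deny = 'Allow', 'Deny'
Everyone, Authenticated = 'system.Everyone', 'system.Authenticated'


class AlwaysTomPolicy:
    """Slide 29's policy: every request is 'tom'; a callback adds group principals."""
    def __init__(self, callback):
        self.callback = callback  # callback(userid, request) -> groups or None

    def unauthenticated_userid(self, request):
        return 'tom'

    def effective_principals(self, request):
        # Same expansion CallbackAuthenticationPolicy does: Everyone always;
        # Authenticated, the userid and the groups only if the callback accepts it.
        principals = [Everyone]
        userid = self.unauthenticated_userid(request)
        groups = self.callback(userid, request) if userid is not None else None
        if groups is not None:
            principals += [Authenticated, userid] + list(groups)
        return principals


class Resource:
    """Constructed model carrying the __acl__ that slide 28's find_object asserts on."""
    def __init__(self, acl, parent=None):
        self.__acl__ = acl
        self.__parent__ = parent


def permits(context, principals, permission):
    """ACL algorithm: walk from context to the root; the first ACE whose principal
    matches and names the permission decides, so a child Deny shadows a parent Allow."""
    node = context
    while node is not None:
        for action, principal, perms in getattr(node, '__acl__', ()):
            perms = perms if isinstance(perms, (list, tuple)) else (perms,)
            if principal in principals and permission in perms:
                return action == Allow
        node = getattr(node, '__parent__', None)
    return False  # no matching ACE anywhere in the lineage: deny by default


def has_permission(permission, context, request, authn_policy):
    return permits(context, authn_policy.effective_principals(request), permission)


def demo():
    # Constructed sample: tom belongs to group:editors; root allows 'view' to anyone
    # authenticated and 'edit'/'delete' to editors; a child resource denies 'edit'.
    policy = AlwaysTomPolicy(callback=lambda userid, request: ['group:editors'])
    root = Resource([(Allow, Authenticated, 'view'),
                     (Allow, 'group:editors', ('edit', 'delete'))])
    locked = Resource([(Deny, Everyone, 'edit')], parent=root)
    request = object()
    return (has_permission('view', root, request, policy),
            has_permission('edit', root, request, policy),
            has_permission('edit', locked, request, policy),
            has_permission('delete', locked, request, policy))
```

Returning None from the callback models an unknown user: only Everyone remains in the principals, so the Authenticated ACE on root no longer grants 'view'.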
