Pyramid Security
•Download as KEY, PDF•
3 likes•3,750 views
Introducing what's the stack pyramid has.
Recommended
More Related Content
Similar to Pyramid Security
Similar to Pyramid Security (20)
More from Yusuke Muraoka
More from Yusuke Muraoka (15)
Recently uploaded
Recently uploaded (20)
Pyramid Security
- 2. Who are you? 村岡友介 MURAOKA Yusuke @jbking Self Contractor pylons-ja pypy-ja django-ja
- 4. Before dive into... http://bit.ly/PyramidSecurity-
- 5. What about Security applicatio csrf, n injections, Tons of topics we xss could discuss identifier, framework authn, Can be categorized authz into some layers poisoning, infra- structure sniffing, We focus today “framework”layer ddos shoulder social hack
- 6. No Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py proj/tests.py small starting...
- 7. No Security Pyramid development.ini Configuration production.ini proj/templates/mytemplate.pt proj/models.py MV of MVC proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py Make WSGI app proj/tests.py small starting...
- 8. Security
- 9. Basics Authentication /etc/passwd Authorization ls -l . -rw-r--r-- 1 yusuke staff
- 10. Basics
- 11. Basics
- 12. Easy enough?
- 13. How to Enable Security # in bootstrap authentication_policy = AnAuthenticationPolicy() authorization_policy = AnAuthorizationPolicy() config = Configurator(settings=settings) config.set_authentication_policy(authentication_policy) config.set_authorization_policy(authorization_policy) # in views @view_config(permission=’...’, ...) def logout(request): headers = forget(request) ...
- 14. Authentication in Usage authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) forget(request) remember(request, principal, **kw)
- 15. Authentication in Usage authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) forget(request) Response remember(request, principal, **kw) Headers
- 16. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) remember(request, principal, **kw) forget(request)
- 17. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) Principals effective_principals(request) remember(request, principal, **kw) Response forget(request) Headers
- 18. Bundled Authentication Policy AuthTktAuthenticationPolicy RemoteUserAuthenticationPolicy RepozeWho1AuthenticationPolic y
- 19. Authorization in Usage has_permission(permission, context, request) principals_allowed_by_permission(context, permission) view_execution_permitted(context, permission, name=’’)
- 20. Authorization in Usage Check has_permission(permission, context, request) Permissio n principals_allowed_by_permission(context, permission) view_execution_permitted(context, permission, name=’’)
- 21. Authorization Policy interface IAuthorizationPolicy principals_allowed_by_permission(context, permission) permits(context, principals, permission)
- 22. Authorization Policy interface IAuthorizationPolicy principals_allowed_by_permission(context, permission) Check permits(context, principals, permission) Permissio n
- 23. Bundled Authorization Policy ACLAuthorizationPolic
- 24. Any Question?
- 25. Advanced
- 27. Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/resources.py Find Resource proj/authentication.py Custom Security proj/authorization.py ...
- 28. Typical Stack # in bootstrap authentication_policy = CustomAuthTktAuthenticationPolicy('seekrit') authorization_policy = ACLAuthorizationPolicy() config.add_route(..., ..., factory=resources.find_object) # in resources def find_object(request): obj = ... assert getattr(obj, ‘__acl__’, None) is not None return obj # in models class Model: __acl__ = [(Allow, Authenticated, ‘view’)]
- 29. Always Tom Authentication class AlwaysTomPolicy(CallbackAuthenticationPolicy): def unauthenticated_userid(self, request): return ‘tom’ def remember(self, request, principal, **kw): return [] def forget(self, request): return []
- 30. LDAP? Other Authn? pip search repoze.who
- 32. Thanks :)
Editor's Notes
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n