Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Pyramid Security
Who are you?村岡友介MURAOKA Yusuke@jbkingSelf Contractorpylons-japypy-jadjango-ja
AgendaSecurityBasicsAuthenticationAuthorizationAdvanced
Before dive into... http://bit.ly/PyramidSecurity-
What about Security applicatio csrf, n injections,Tons of topics we...
No Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/sc...
No Security Pyramid development.ini Configuration production.ini proj/templates/mytemp...
Security
BasicsAuthentication /etc/passwdAuthorization ls -l . -rw-r--r-- 1 yusuke staff
Basics
Basics
Easy enough?
How to Enable Security# in bootstrapauthentication_policy = AnAuthenticationPolicy()authorization_policy = AnAuthorization...
Authentication in Usageauthenticated_userid(request)unauthenticated_userid(request)effective_principals(request)forget...
Authentication in Usageauthenticated_userid(request)unauthenticated_userid(request)effective_principals(request)forget...
Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request)...
Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request)...
BundledAuthentication Policy AuthTktAuthenticationPolicy RemoteUserAuthenticationPolicy RepozeWho1AuthenticationPoli...
Authorization in Usagehas_permission(permission, context, request)principals_allowed_by_permission(context, permission)vie...
Authorization in Usage Checkhas_permission(permission, context, request) Per...
Authorization Policyinterface IAuthorizationPolicy principals_allowed_by_permission(context, permission) permits(context...
Authorization Policyinterface IAuthorizationPolicy principals_allowed_by_permission(context, permission) ...
Bundled Authorization Policy ACLAuthorizationPolic
Any Question?
Advanced
Security Pyramiddevelopment.iniproduction.iniproj/templates/mytemplate.ptproj/models.pyproj/views.pyproj/resources.pyproj/...
Security Pyramiddevelopment.iniproduction.iniproj/templates/mytemplate.ptproj/models.pyproj/views.pyproj/resources.py ...
Typical Stack# in bootstrapauthentication_policy = CustomAuthTktAuthenticationPolicy(seekrit)authorization_policy = ACLAut...
Always Tom Authenticationclass AlwaysTomPolicy(CallbackAuthenticationPolicy): def unauthenticated_userid(self, r...
LDAP? Other Authn? pip search repoze.who
Any Question again?
Thanks :)
Upcoming SlideShare
Loading in …5
×

Pyramid Security

4,817 views

Published on

Introducing what's the stack pyramid has.

Published in: Technology, News & Politics
no profile picture user

  • Be the first to comment

Pyramid Security

  1. 1. Pyramid Security
  2. 2. Who are you?村岡友介MURAOKA Yusuke@jbkingSelf Contractorpylons-japypy-jadjango-ja
  3. 3. AgendaSecurityBasicsAuthenticationAuthorizationAdvanced
  4. 4. Before dive into... http://bit.ly/PyramidSecurity-
  5. 5. What about Security applicatio csrf, n injections,Tons of topics we xsscould discuss identifier, framework authn,Can be categorized authzinto some layers poisoning, infra- structure sniffing,We focus today“framework”layer ddos shoulder social hack
  6. 6. No Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py proj/tests.py small starting...
  7. 7. No Security Pyramid development.ini Configuration production.ini proj/templates/mytemplate.pt proj/models.py MV of MVC proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py Make WSGI app proj/tests.py small starting...
  8. 8. Security
  9. 9. BasicsAuthentication /etc/passwdAuthorization ls -l . -rw-r--r-- 1 yusuke staff
  10. 10. Basics
  11. 11. Basics
  12. 12. Easy enough?
  13. 13. How to Enable Security# in bootstrapauthentication_policy = AnAuthenticationPolicy()authorization_policy = AnAuthorizationPolicy()config = Configurator(settings=settings)config.set_authentication_policy(authentication_policy)config.set_authorization_policy(authorization_policy)# in views@view_config(permission=’...’, ...)def logout(request): headers = forget(request) ...
  14. 14. Authentication in Usageauthenticated_userid(request)unauthenticated_userid(request)effective_principals(request)forget(request)remember(request, principal, **kw)
  15. 15. Authentication in Usageauthenticated_userid(request)unauthenticated_userid(request)effective_principals(request)forget(request) Responseremember(request, principal, **kw) Headers
  16. 16. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) remember(request, principal, **kw) forget(request)
  17. 17. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) Principals effective_principals(request) remember(request, principal, **kw) Response forget(request) Headers
  18. 18. BundledAuthentication Policy AuthTktAuthenticationPolicy RemoteUserAuthenticationPolicy RepozeWho1AuthenticationPolic y
  19. 19. Authorization in Usagehas_permission(permission, context, request)principals_allowed_by_permission(context, permission)view_execution_permitted(context, permission, name=’’)
  20. 20. Authorization in Usage Checkhas_permission(permission, context, request) Permissio nprincipals_allowed_by_permission(context, permission)view_execution_permitted(context, permission, name=’’)
  21. 21. Authorization Policyinterface IAuthorizationPolicy principals_allowed_by_permission(context, permission) permits(context, principals, permission)
  22. 22. Authorization Policyinterface IAuthorizationPolicy principals_allowed_by_permission(context, permission) Check permits(context, principals, permission) Permissio n
  23. 23. Bundled Authorization Policy ACLAuthorizationPolic
  24. 24. Any Question?
  25. 25. Advanced
  26. 26. Security Pyramiddevelopment.iniproduction.iniproj/templates/mytemplate.ptproj/models.pyproj/views.pyproj/resources.pyproj/authentication.pyproj/authorization.py...
  27. 27. Security Pyramiddevelopment.iniproduction.iniproj/templates/mytemplate.ptproj/models.pyproj/views.pyproj/resources.py Find Resourceproj/authentication.py Custom Securityproj/authorization.py...
  28. 28. Typical Stack# in bootstrapauthentication_policy = CustomAuthTktAuthenticationPolicy(seekrit)authorization_policy = ACLAuthorizationPolicy()config.add_route(..., ..., factory=resources.find_object)# in resourcesdef find_object(request): obj = ... assert getattr(obj, ‘__acl__’, None) is not None return obj# in modelsclass Model: __acl__ = [(Allow, Authenticated, ‘view’)]
  29. 29. Always Tom Authenticationclass AlwaysTomPolicy(CallbackAuthenticationPolicy): def unauthenticated_userid(self, request): return ‘tom’ def remember(self, request, principal, **kw): return [] def forget(self, request): return []
  30. 30. LDAP? Other Authn? pip search repoze.who
  31. 31. Any Question again?
  32. 32. Thanks :)

×