Pyramid Security
Sep. 15, 2012•0 likes•3,748 views
Download to read offline
Report
Technology
News & Politics
Introducing what's the stack pyramid has.
Yusuke MuraokaFollow
More Related Content
Similar to Pyramid Security
Fun With Spring SecurityBurt Beckwith
Security: Odoo Code HardeningOdoo
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
Implementing AuthorizationTorin Sandall
Java EE Application Security With PicketLinkpigorcraveiro
CBSecurity - Secure all ThingsOrtus Solutions, Corp
More from Yusuke Muraoka
いかにして問題をとくかYusuke Muraoka
Pythonistaで始めるiOSプロトタイプ開発Yusuke Muraoka
私のPythonとの関わりかたYusuke Muraoka
Substance D world-plone-day-2017Yusuke Muraoka
Pythonistaの使い方Yusuke Muraoka
Gunma.web #24 MySQL HAYusuke Muraoka
Recently uploaded
The Ultimate Administrator’s Guide to HCL Nomad Webpanagenda
How to use the Cataloguing Code Ethics at your day job : a hands-on workshop ...CILIP MDG
Google Cloud Study Jams Info SessionGDSCPCCE
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
Document Understanding as Cloud APIs and Generative AI Pre-labeling Extractio...DianaGray10
Elevate Your Enterprise with FME 23.1Safe Software
Pyramid Security
- 1. Pyramid Security
- 2. Who are you? 村岡友介 MURAOKA Yusuke @jbking Self Contractor pylons-ja pypy-ja django-ja
- 3. Agenda Security Basics Authentication Authorization Advanced
- 4. Before dive into... http://bit.ly/PyramidSecurity-
- 5. What about Security applicatio csrf, n injections, Tons of topics we xss could discuss identifier, framework authn, Can be categorized authz into some layers poisoning, infra- structure sniffing, We focus today “framework”layer ddos shoulder social hack
- 6. No Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py proj/tests.py small starting...
- 7. No Security Pyramid development.ini Configuration production.ini proj/templates/mytemplate.pt proj/models.py MV of MVC proj/views.py proj/scripts proj/scripts/initializedb.py proj/scripts/__init__.py proj/__init__.py Make WSGI app proj/tests.py small starting...
- 8. Security
- 9. Basics Authentication /etc/passwd Authorization ls -l . -rw-r--r-- 1 yusuke staff
- 10. Basics
- 11. Basics
- 12. Easy enough?
- 13. How to Enable Security # in bootstrap authentication_policy = AnAuthenticationPolicy() authorization_policy = AnAuthorizationPolicy() config = Configurator(settings=settings) config.set_authentication_policy(authentication_policy) config.set_authorization_policy(authorization_policy) # in views @view_config(permission=’...’, ...) def logout(request): headers = forget(request) ...
- 14. Authentication in Usage authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) forget(request) remember(request, principal, **kw)
- 15. Authentication in Usage authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) forget(request) Response remember(request, principal, **kw) Headers
- 16. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) effective_principals(request) remember(request, principal, **kw) forget(request)
- 17. Authentication Policy interface IAuthenticationPolicy authenticated_userid(request) unauthenticated_userid(request) Principals effective_principals(request) remember(request, principal, **kw) Response forget(request) Headers
- 18. Bundled Authentication Policy AuthTktAuthenticationPolicy RemoteUserAuthenticationPolicy RepozeWho1AuthenticationPolic y
- 19. Authorization in Usage has_permission(permission, context, request) principals_allowed_by_permission(context, permission) view_execution_permitted(context, permission, name=’’)
- 20. Authorization in Usage Check has_permission(permission, context, request) Permissio n principals_allowed_by_permission(context, permission) view_execution_permitted(context, permission, name=’’)
- 21. Authorization Policy interface IAuthorizationPolicy principals_allowed_by_permission(context, permission) permits(context, principals, permission)
- 22. Authorization Policy interface IAuthorizationPolicy principals_allowed_by_permission(context, permission) Check permits(context, principals, permission) Permissio n
- 23. Bundled Authorization Policy ACLAuthorizationPolic
- 24. Any Question?
- 25. Advanced
- 26. Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/resources.py proj/authentication.py proj/authorization.py ...
- 27. Security Pyramid development.ini production.ini proj/templates/mytemplate.pt proj/models.py proj/views.py proj/resources.py Find Resource proj/authentication.py Custom Security proj/authorization.py ...
- 28. Typical Stack # in bootstrap authentication_policy = CustomAuthTktAuthenticationPolicy('seekrit') authorization_policy = ACLAuthorizationPolicy() config.add_route(..., ..., factory=resources.find_object) # in resources def find_object(request): obj = ... assert getattr(obj, ‘__acl__’, None) is not None return obj # in models class Model: __acl__ = [(Allow, Authenticated, ‘view’)]
- 29. Always Tom Authentication class AlwaysTomPolicy(CallbackAuthenticationPolicy): def unauthenticated_userid(self, request): return ‘tom’ def remember(self, request, principal, **kw): return [] def forget(self, request): return []
- 30. LDAP? Other Authn? pip search repoze.who
- 31. Any Question again?
- 32. Thanks :)
Editor's Notes
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n