[CentralOH] Website Security with Pylons/Pyramid/Akhet

Brian Costlow brian.costlow at gmail.com
Mon Jul 18 15:26:05 CEST 2011


In order to get the browser to provide a pop-up asking for authentication,
you have to send an http response 401 (instead of 200) when a user tries to
access the resource without being logged in. The browser is then going to
send the response back in an http header, and you'll need to handle it
there.

More here http://en.wikipedia.org/wiki/Digest_access_authentication and here
http://en.wikipedia.org/wiki/Basic_access_authentication.

I'm not familiar with Pyramid, so I don't know how to process the incoming
headers to get the returned response.

If you just like the dialog effect, I'd use a regular form, but use
javascript to create some kind of overlay div. It will look even better, and
be easier to get the input.

Remember though, none of this is secure unless you are doing it over https.

On Mon, Jul 18, 2011 at 8:22 AM, Mark Erbaugh <mark at microenh.com> wrote:

> I want to implement a simple user name / password logon for a website.  The
> website has a backend database and the user should only see entries in the
> database that are tied to his/her user name (or user id). In essence, each
> user that logs on only sees 'their' data.
>
> There is a tutorial (at http://pyramid.chromaticleaves.com/simpleauth/)
> that shows how to implement this kind of security using Pyramid & Akhet, and I
> think it could be adapted for use without Akhet. It uses a http template to
> generate the log on screen. OTOH, when I use .htaccess to limit access to a
> static website served by apache, the web browser presents its own logon
> screen. In Firefox, it pops up a dialog for user name and password. In
> Safari (Mac) a sheet descends from the title bar. Is there a way to create a
> http page that will trigger the browser's log in response rather than having
> to design the whole screen?  Designing the whole screen isn't that
> difficult, I just think that the pop up dialog / sheet looks better in this
> application.
>
> Thanks,
> Mark
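The 401 challenge and `Authorization` header handling discussed in the reply above, as an added example that is not part of the original thread: a framework-neutral WSGI app (Pyramid runs on WSGI) using only the standard library. The realm, salt, user name, password and rows are constructed sample values, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

REALM = "example"            # constructed realm shown in the browser dialog
SALT = b"constructed-salt"   # constructed; use a random per-user salt in practice

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample users and per-user rows (stand-ins for the backend database).
USERS = {"mark": hash_password("s3cret")}
ROWS = {"mark": ["mark's entry"], "brian": ["brian's entry"]}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(header):
    creds = parse_basic(header)
    user, password = creds or ("", "")
    # Hash and compare in constant time even for unknown users or bad headers.
    expected = USERS.get(user, hash_password(""))
    ok = hmac.compare_digest(expected, hash_password(password))
    return user if ok and user in USERS else None

def app(environ, start_response):
    if environ.get("wsgi.url_scheme") != "https":
        # Basic credentials are only base64-encoded, so never prompt over plain HTTP.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"HTTPS required\n"]
    user = authenticate(environ.get("HTTP_AUTHORIZATION"))
    if user is None:
        # 401 plus WWW-Authenticate is what makes the browser show its own dialog.
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="%s"' % REALM)])
        return [b"Authentication required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("\n".join(ROWS.get(user, [])) + "\n").encode()]  # only this user's rows
```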