[Web-SIG] Developer authentication spec

William Dode wilk at flibuste.net
Tue Jul 14 09:46:49 CEST 2009

On 13-07-2009, Graham Dumpleton wrote:
> 2009/7/14 Ian Bicking <ianb at colorstudy.com>:
>> I wrote up a spec a while
>> ago: http://wsgi.org/wsgi/Specifications/developer_auth
>> The goal is a single way to indicate to debugging and developer tools when
>> the developer is logged in.  This is orthogonal to normal application
>> authentication.  It would control access to things like interactive
>> debuggers, but could also be used to show information about template
>> rendering, profiling, etc.  My goal in making this a specification is to
>> encourage wider use of the technique in debugging tools (consumers), so they
>> can use a consistent means of protecting private information or tools
>> intended for developers.
>> Since I wrote the spec I've written up an implementation:
>> https://svn.openplans.org/svn/DevAuth/trunk
>> Last time I brought this up there wasn't any response, but I'm hoping
>> it'll... I dunno, make more sense or seem more interesting now.
> For in browser debuggers, I think a rethink is needed as to how they
> work. Currently they are only of use if the person who made the
> request triggered the error and the debugger is enabled. This is
> useless if you want to debug a problem that happened at an arbitrary
> time through the actions of an arbitrary user and you don't have a
> clue how to reproduce it.


Great project !

We should not forget the possibility of a server without access, or 
a server wich will be restarted. I mean that the state should be 

Currently, when my server catch an exception, it send the most it can to 
an url (traceback + logs).  On this url i record the data and send an 

William Dodé - http://flibuste.net
Informaticien Indépendant

More information about the Web-SIG mailing list