[Web-SIG] Developer authentication spec
William Dode
wilk at flibuste.net
Tue Jul 14 09:46:49 CEST 2009
On 13-07-2009, Graham Dumpleton wrote:
> 2009/7/14 Ian Bicking <ianb at colorstudy.com>:
>> I wrote up a spec a while
>> ago: http://wsgi.org/wsgi/Specifications/developer_auth
>> The goal is a single way to indicate to debugging and developer tools when
>> the developer is logged in. This is orthogonal to normal application
>> authentication. It would control access to things like interactive
>> debuggers, but could also be used to show information about template
>> rendering, profiling, etc. My goal in making this a specification is to
>> encourage wider use of the technique in debugging tools (consumers), so they
>> can use a consistent means of protecting private information or tools
>> intended for developers.
>> Since I wrote the spec I've written up an implementation:
>> https://svn.openplans.org/svn/DevAuth/trunk
>> Last time I brought this up there wasn't any response, but I'm hoping
>> it'll... I dunno, make more sense or seem more interesting now.
>
> For in browser debuggers, I think a rethink is needed as to how they
> work. Currently they are only of use if the person who made the
> request triggered the error and the debugger is enabled. This is
> useless if you want to debug a problem that happened at an arbitrary
> time through the actions of an arbitrary user and you don't have a
> clue how to reproduce it.
...
Great project !
We should not forget the possibility of a server without access, or
a server wich will be restarted. I mean that the state should be
transportable.
Currently, when my server catch an exception, it send the most it can to
an url (traceback + logs). On this url i record the data and send an
email.
--
William Dodé - http://flibuste.net
Informaticien Indépendant
More information about the Web-SIG
mailing list