[Twisted-Python] Re: cred and stateless protocols
Manlio Perillo
manlio_perillo at libero.it
Wed May 3 09:20:34 MDT 2006
Nicola Larosa wrote:
>> Stateless protocols like HTTP use sessions for client authentication.
>
> Don't say such a thing in REST company, you could be lynched. ;-)
>
> HTTP does *not* use sessions for authentication (sessions are not defined
> in the protocol anyway): it uses headers for Basic and Digest
> authentication, see RFC 2617.
>
Ok, but it is improper to require such an authentication for each
resource... ;-)
Clients authenticate once and use "sessions" to identify themselves.
>
>> The session is created by the server and the client should supply it at
>> each request.
>
> The client supplies authentication *headers* with each request.
>
Yes.
>
>> The question is: does cred support this type of authentication?
>
> There's support in twisted.web.woven.guard and .simpleguard .
>
Ok, but maybe sessions can be used by other protocols (over UDP).
I would like to have some support for creating secure sessions, but
maybe I just have to do urandom(some_bits)?
Thanks
Manlio Perillo
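The urandom-based session token asked about above, sketched as a server-side store for a protocol with no connection state. This is an added example, not part of the original post and not Twisted's cred API; `SessionStore`, its method names, the 128-bit minimum and the 15-minute lifetime are assumptions.

```python
import hashlib
import os
import time


class SessionStore:
    """Session table keyed by SHA-256(token); raw tokens are never stored."""

    def __init__(self, token_bytes=16, lifetime=900.0, clock=time.monotonic):
        if token_bytes < 16:
            raise ValueError("use at least 128 bits of randomness")
        self.token_bytes = token_bytes
        self.lifetime = lifetime      # seconds a session stays valid
        self.clock = clock            # injectable so expiry can be tested
        self._sessions = {}           # sha256(token) -> (avatar_id, expiry)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token).digest()

    def create(self, avatar_id):
        """Call once, after the client's credentials have been checked."""
        token = os.urandom(self.token_bytes)   # kernel CSPRNG, not random()
        expiry = self.clock() + self.lifetime
        self._sessions[self._key(token)] = (avatar_id, expiry)
        return token.hex()                     # sent to the client

    def lookup(self, token_hex):
        """Return the avatar id for a live token, or None."""
        try:
            key = self._key(bytes.fromhex(token_hex))
        except (ValueError, TypeError):
            return None                        # malformed input from the wire
        entry = self._sessions.get(key)
        if entry is None:
            return None
        avatar_id, expiry = entry
        if self.clock() >= expiry:
            del self._sessions[key]            # expired: forget it
            return None
        return avatar_id

    def revoke(self, token_hex):
        """Drop a session (logout); unknown or malformed tokens are ignored."""
        try:
            self._sessions.pop(self._key(bytes.fromhex(token_hex)), None)
        except (ValueError, TypeError):
            pass
```

The token is a bearer secret, so over UDP or plain HTTP anyone who can read the traffic can replay it until it expires or is revoked.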