[Twisted-web] Session Based Security for PyAmf application
Manlio Perillo
manlio_perillo at libero.it
Tue Aug 19 05:28:33 EDT 2008
Phil Mayers ha scritto:
> [...]
>
> Something like Digest HTTP auth is the "safe" way to secure an HTTP
> session - you can even (though I've not seen this commonly uses) re-use
> the digest session ID as a server-side key into application session
> storage.
>
I'm doing this in my WSGI framework:
http://hg.mperillo.ath.cx/wsgix/file/tip/wsgix/auth/auth_digest.py
HTTP Digest Authentication really solves a lot a problems, it's very
unfortunately that it's still poorly implemented in browsers.
Manlio Perillo
More information about the Twisted-web
mailing list