Can Pyramid's built-in authentication / authorization implement complex security schemes?

Question

Can Pyramid's built-in authentication / authorization implement complex security schemes?

It seems that the security model is suitable for very small projects, but it is probably not possible to write all valid hashed passwords of registered users in security.py. Do you know any examples of scalability of authentication in Pyramid, or are there any advantages to calling Pyramid's security scheme in my own security database?

+5

python security pyramid scaling

nnythm Aug 18 '11 at 8:16

source share

3 answers

, . , . . .

security.py? (. , , , ) - , , , . / .

, , " ". , :

:
pyramid auth: //
: (google, twitter ..) velruse, ..
: ; .

+8

kusut 18 . '11 9:20

In the end, I created something for myself that simplifies authentication if you use MongoDB.

https://github.com/mosesn/mongauth

It is not built into the pyramid, and the hooks are quite easy. Everything is pretty transparent.

+3

nnythm Jul 11 '12 at 21:26

source share

Tom Willis · Accepted Answer · 2011-08-18T12:46:09+0000

I don’t know what your needs are or what you mean by “security extension”, but the pyramid authentication policy is very flexible. You should understand that it does not support users and passwords, it just provides a mechanism for obtaining a user ID from an incoming request. For example, AuthTktAuthenticationPolicy keeps track of the cookie user ID that you set using the remember method.

What significant information you receive from this user ID is entirely up to you and is application specific.

So there really is a question that you can ask if your application can "increase security".

, , openid, http auth db , , . .

Can Pyramid's built-in authentication / authorization implement complex security schemes?

More articles: