1

I'm making my first web app (python+webpy+mongodb). What's the best way to make authentication module? Should I save login to cookies, or just keep login/pass in variables? Do i have to make every 'restricted' function check user's rights every time it works? Maybe there are any good articles about these things?

AlexNasonov
  • 587
  • 1
  • 9
  • 21
  • "Maybe there are any good articles about these things?" Good idea. Perhaps Google search would reveal a few. What did you look for? What kind of search did you try? What confused you? http://webpy.org/cookbook/userauth was the first thing I found doing a Google search. What was confusing about this project? – S.Lott Dec 17 '11 at 23:34
  • 1
    i just don't want to take the first solution i have in hand.. – AlexNasonov Dec 18 '11 at 13:01
  • "i just don't want to take the first solution i have in hand"? Is something stopping you from reading -- perhaps -- two or three and asking **specific** questions. There are already web.py module for this. Why aren't you using those modules? – S.Lott Dec 18 '11 at 22:27
  • 1
    just to find the most secure way - I'm building a financial app... so security issues are primary – AlexNasonov Dec 23 '11 at 18:22
  • "Maybe there are any good articles about these things?" Yes. Google. Please. Then. After reading. Ask **specific** questions here. – S.Lott Dec 23 '11 at 18:24
  • 1
    man.. u r a bit late)) I already got the answer I wanted 6 hours before your first message))))))) anyway ty for comments))) – AlexNasonov Dec 24 '11 at 09:00

1 Answers1

5

Here's a good guide with explanations: Form Based Authentication For Websites.

web.py has a recipe for basic authentication which can be extended using these techniques.

Usually you use a persistence mechanism known as sessions to track authenticated users. Have a look at Beaker to see how it can be implemented.

Community
  • 1
  • 1
  • 1
    web.py has its own session module, theres no need in beaker – Andrey Kuzmin Dec 17 '11 at 20:15
  • If you are interested in basic authentication, here is a quick attribute which you can use to decorate your handlers http://www.varunpant.com/posts/basic-authentication-in-web-py-via-attribute – varun Jan 25 '13 at 21:22