
Changes between Version 7 and Version 8 of DevelopmentServer


Timestamp: Aug 29, 2008, 3:28:36 PM (16 years ago)
Author: cmlenz
Comment: Add section on auth

  • DevelopmentServer

    v7 v8  
    8787Applications can add their own files to the list of watched files using the `watch_file()` function.
    8888
     89== Authentication ==
     90
     91The development server can inject a WSGI middle component that performs HTTP authentication (either Basic or Digest) against a specified password file. This is intended primarily for developing and testing authorization-sensitive parts of your application. In particular, this middleware is not intended to be used on production systems where security is critical.
     92
     93The `--digest` option is used to specify the text file containing the credentials for digest authentication, in a format compatible with the [http://httpd.apache.org/docs/2.2/programs/htdigest.html Apache htdigest tool]. The ``--basic`` option allows you to use an unencrypted password file for even simpler setup. The `--realm` option can be used to specify a different realm, where the default is the name of the `Application` class. This realm needs to match the realm used in the digest file.
     94
     95The format of the password file for Basic authentication is simple: one line per account, containing the username and the password (in the clear) separated by a colon. Note that this format is '''not compatible''' with the format generated by the [http://httpd.apache.org/docs/2.2/programs/htpasswd.html htpasswd] tool, which encrypts the passwords.
     96
     97Finally, the `--protect` option can be used to require authentication only on the specified sub-resources. When the `--protect` option is not provided, the whole URI space will require authentication. When it is specified, authentication is only required on the specified paths. To protect more than one path, simply specifiy the option as often as you need.
     98
     99For example:
     100
     101{{{
     102$ ./myapp.py -rv --digest auth.digest --protect /login
     103}}}
     104
     105
    89106== API Documentation ==
    90107
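
Review bot: the `--protect` paragraph (v8 line 97) leaves the matching rule unstated. It says authentication applies to "the specified sub-resources" and "the specified paths", but not whether `--protect /login` also covers `/login/reset` or `/login/`, and a reader testing authorization-sensitive code needs that to avoid assuming a path is protected when it is not. Suggest one sentence saying whether matching is exact or by prefix. The Basic paragraph (line 95) describes a password file kept in the clear; it would help to add that this file should not be committed alongside the application or left world-readable, which fits the non-production scope already stated on line 91. Line 93 says the realm "needs to match the realm used in the digest file" without saying what the user sees when it does not; a short note on the failure symptom would save debugging time. Smaller points: "specifiy" on line 97 should be "specify", "WSGI middle component" on line 91 reads as if "middleware component" was meant, and ``--basic`` on line 93 uses double backticks where the other options use single ones.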