diff options
| author | Chris McDonough <chrism@agendaless.com> | 2008-10-03 20:11:06 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-10-03 20:11:06 +0000 |
| commit | 47b4d3ee62dfdb830a83192907b0602218f9ab5e (patch) | |
| tree | 6fe0cce905bcc39f1ab431101fe419f4197305f9 /docs/narr/security.rst | |
| parent | 68fe4a3a211176a282212a441d04ab53227f6bd2 (diff) | |
| download | pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.tar.gz pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.tar.bz2 pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.zip | |
Docs
- An "Environment and Configuration" chapter was added to the narrative
portion of the documentation.
Features
- Ensure bfg doesn't generate warnings when running under Python
2.6.
- The environment variable ``BFG_RELOAD_TEMPLATES`` is now available
(serves the same purpose as ``reload_templates`` in the config file).
- A new configuration file option ``debug_authorization`` was added.
This turns on printing of security authorization debug statements
to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment
variable was also added; this performs the same duty.
Bug Fixes
- The environment variable ``BFG_SECURITY_DEBUG`` did not always work.
It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed.
Deprecations
- A deprecation warning is now issued when old API names from the
``repoze.bfg.templates`` module are imported.
Backwards incompatibilities
- The ``BFG_SECURITY_DEBUG`` environment variable was renamed to
``BFG_DEBUG_AUTHORIZATION``.
Diffstat (limited to 'docs/narr/security.rst')
| -rw-r--r-- | docs/narr/security.rst | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 1053ccc42..b57ad2958 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -164,16 +164,27 @@ be performed. See :ref:`location_module` for documentations of functions which use location-awareness. -Debugging Security Failures ---------------------------- +.. _debug_authorization_section: -If your application is allowing or denying access inappropriately (in -your judgment), start your application under a shell using the -``BFG_SECURITY_DEBUG`` environment variable. For example:: +Debugging Authorization Failures +-------------------------------- - $ BFG_SECURITY_DEBUG=1 bin/paster serve myproject.ini +If your application in your judgment is allowing or denying access +inappropriately, start your application under a shell using the +``BFG_DEBUG_AUTHORIZATION`` environment variable set to ``1``. For +example:: + + $ BFG_DEBUG_AUTHORIZATION=1 bin/paster serve myproject.ini When any authorization takes place, a message will be logged to the -console about what ACE in which ACL permitted or denied the -authorization based on authentication information. +console (to stderr) about what ACE in which ACL permitted or denied +the authorization based on authentication information. + +This behavior can also be turned on in the application ``.ini`` file +by setting the ``debug_authorization`` key to ``true`` within the +application's configuration section, e.g.:: + + [app:main] + use = egg:MyProject#app + debug_authorization = true |