diff options
| author | Michael Merickel <michael@merickel.org> | 2020-01-16 10:09:45 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2020-01-16 10:09:45 -0600 |
| commit | a7f61dc1ae95ffddacccfb583fa7a8f6d294f4b9 (patch) | |
| tree | 8aca99052f7086bcb37609b516d7a11902377d71 /docs/narr/security.rst | |
| parent | eb7046c8eeb8c9b598260ae8c8976187a8f84953 (diff) | |
| parent | 9c153e1250e00faa06003c10c3a26886489e6210 (diff) | |
| download | pyramid-a7f61dc1ae95ffddacccfb583fa7a8f6d294f4b9.tar.gz pyramid-a7f61dc1ae95ffddacccfb583fa7a8f6d294f4b9.tar.bz2 pyramid-a7f61dc1ae95ffddacccfb583fa7a8f6d294f4b9.zip | |
Merge branch 'master' into move-acl-security-to-authorization
Diffstat (limited to 'docs/narr/security.rst')
| -rw-r--r-- | docs/narr/security.rst | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index fd291a9db..10e9df78d 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -69,7 +69,7 @@ A simple security policy might look like the following: from pyramid.security import Allowed, Denied class SessionSecurityPolicy: - def identify(self, request): + def authenticated_identity(self, request): """ Return app-specific user object. """ userid = request.session.get('userid') if userid is None: @@ -78,14 +78,14 @@ A simple security policy might look like the following: def authenticated_userid(self, request): """ Return a string ID for the user. """ - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is None: return None return string(identity.id) def permits(self, request, context, permission): """ Allow access to everything if signed in. """ - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is not None: return Allowed('User is signed in.') else: @@ -144,7 +144,7 @@ For example, our above security policy can leverage these helpers like so: def __init__(self): self.helper = SessionAuthenticationHelper() - def identify(self, request): + def authenticated_identity(self, request): """ Return app-specific user object. """ userid = self.helper.authenticated_userid(request) if userid is None: @@ -153,14 +153,14 @@ For example, our above security policy can leverage these helpers like so: def authenticated_userid(self, request): """ Return a string ID for the user. """ - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is None: return None return str(identity.id) def permits(self, request, context, permission): """ Allow access to everything if signed in. """ - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is not None: return Allowed('User is signed in.') else: @@ -249,7 +249,7 @@ might look like so: class SecurityPolicy: def permits(self, request, context, permission): - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is None: return Denied('User is not signed in.') @@ -697,7 +697,7 @@ A "secret" is required by various components of Pyramid. For example, the helper below might be used for a security policy and uses a secret value ``seekrit``:: - helper = AuthTktCookieHelper('seekrit', hashalg='sha512') + helper = AuthTktCookieHelper('seekrit') A :term:`session factory` also requires a secret:: @@ -719,6 +719,8 @@ has the possibility of providing a chosen plaintext. single: preventing cross-site request forgery attacks single: cross-site request forgery attacks, prevention +.. _csrf_protection: + Preventing Cross-Site Request Forgery Attacks --------------------------------------------- |