diff options
| author | Chris McDonough <chrism@agendaless.com> | 2008-09-06 00:07:46 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-09-06 00:07:46 +0000 |
| commit | 2f1209aef6ef1335dc778730572d72880f40fb69 (patch) | |
| tree | 4f9e278caa5a06e1ed74cc1c760616da584cfd44 /docs/narr | |
| parent | 2831890cc6d17abce7c1f45ed134e6465fbb927b (diff) | |
| download | pyramid-2f1209aef6ef1335dc778730572d72880f40fb69.tar.gz pyramid-2f1209aef6ef1335dc778730572d72880f40fb69.tar.bz2 pyramid-2f1209aef6ef1335dc778730572d72880f40fb69.zip | |
Info about debugging security failures.
Diffstat (limited to 'docs/narr')
| -rw-r--r-- | docs/narr/security.rst | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index fb1ad3ee7..fa8a5d032 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -144,3 +144,17 @@ but otherwise acts the same as your model object. You can of course supply ``__name__`` and ``__parent__`` attributes explicitly on all of your model objects, and no location proxying will be performed. + +Debugging Security Failures +--------------------------- + +If your application is allowing or denying access inappropriately (in +your judgment), start your application under a shell using the +``BFG_SECURITY_DEBUG`` environment variable. For example:: + + BFG_SECURITY_DEBUG=1 bin/paster serve myproject.ini + +When any authorization takes place, a message will be logged to the +console about what ACE in which ACL permitted or denied the +authorization based on authentication information. + |