| Field | Value | Date |
|---|---|---|
| author | Theron Luhn <theron@luhn.com> | 2019-07-13 10:35:19 -0700 |
| committer | Theron Luhn <theron@luhn.com> | 2019-07-13 10:35:19 -0700 |
| commit | 09960927167f80bb405da52c96775241c84a8682 (patch) | |
| tree | e64cde0e35b9f29ed6a5328ef2738d4275636f1d /docs | |
| parent | c69994778de79041d703fd121ec9d1aaf8a6b7c8 (diff) | |
| download | pyramid-09960927167f80bb405da52c96775241c84a8682.tar.gz, pyramid-09960927167f80bb405da52c96775241c84a8682.tar.bz2, pyramid-09960927167f80bb405da52c96775241c84a8682.zip | |
Improve security docs.
Diffstat (limited to 'docs')
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | docs/narr/security.rst | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index a92942a25..842cdeb05 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -10,7 +10,7 @@ Security determines the identity of the current user (authentication) and whether or not the user has access to certain resources (authorization). -The :app:`Pyramid` authorization system can prevent a :term:`view` from being +The :app:`Pyramid` security system can prevent a :term:`view` from being invoked based on the :term:`security policy`. Before a view is invoked, the authorization system can use the credentials in the :term:`request` along with the :term:`context` resource to determine if access will be allowed. Here's 
@@ -107,17 +107,26 @@ your application. Writing a Security Policy Using Helpers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To assist in writing common security policy, Pyramid provides several helpers. -The following authentication helpers assist with implementing ``identity``, -``remember``, and ``forget``. - -* :class:`pyramid.authentication.SessionAuthenticationHelper` - -* :class:`pyramid.authentication.AuthTktCookieHelper` - -The following authorization helper assists with implementing ``permits``. - -* :class:`pyramid.authorization.ACLHelper` +To assist in writing common security policies, Pyramid provides several +helpers. The following authentication helpers assist with implementing +``identity``, ``remember``, and ``forget``. + ++-------------------------------+-------------------------------------------------------------------+ +| Use Case | Helper | ++===============================+===================================================================+ +| Store the :term:`userid` | :class:`pyramid.authentication.SessionAuthenticationHelper` | +| in the :term:`session`. | | ++-------------------------------+-------------------------------------------------------------------+ +| Store the :term:`userid` | :class:`pyramid.authentication.AuthTktCookieHelper` | +| with an "auth ticket" cookie. | | ++-------------------------------+-------------------------------------------------------------------+ +| Retrieve user credentials | Use :func:`pyramid.authentication.extract_http_basic_credentials` | +| using HTTP Basic Auth. | to retrieve credentials. | ++-------------------------------+-------------------------------------------------------------------+ +| Retrieve the :term:`userid` | ``REMOTE_USER`` can be accessed with | +| from ``REMOTE_USER`` in the | ``request.environ.get('REMOTE_USER')``. | +| WSGI environment. 
| | ++-------------------------------+-------------------------------------------------------------------+ For example, our above security policy can leverage these helpers like so: |
