|
Martijn Moeling
martijn at xs4us.nu
Fri Dec 22 07:50:00 EST 2006
Hi, For exactly the same reasons you indicate I have written my own access mechanism, Additionally I hate the login window produced by the browsers but that is my opinion. Next is, that I have not been able to get any secure credentials transfer with PythonAuthHandler working. I use the xmlHTTPRequest (javascript) to send the credentials to the server, my mod_python program then looks up the User record in a MySQL database and checks the password, if correct a session is created. Doing so using https makes it sort of secure enough for my application. I have found it hard to get around the documentation and often I start reading trough the mod_python source files to get the answers (I need to understand the MP sources anyway since I want to contribute to the development, for most users this would be to much). This mailinglist is helpful but searching it in the archives is sometimes quite a task so I keep all the messages in a folder in my inbox and order them by hand to subfolders on specific topics. Now that the WIKI is there people start to move there too, making it even harder to search for what one needs. A few days ago I wrote a message to Graham about the level of documentation and examples. Also I see many non native English speakers/readers having trouble with understanding the text, Additionally you need to be an Apache Internals expert in some cases to understand what the doc is telling. Maybe it is time to write a mod_python cookbook, but I have simply no time left to do so... Fröhliche Weinachten!! Martijn Moeling -----Oorspronkelijk bericht----- Van: mod_python-bounces at modpython.org [mailto:mod_python-bounces at modpython.org] Namens Marcus Werner Verzonden: Thursday, December 21, 2006 10:37 PM Aan: mod_python at modpython.org Onderwerp: [mod_python] Protecting Image-Directory's with PythonAccessHandler Hi everyone, I'm working on a Debian-Stable Box with mod_python 2.7.10 and Python 2.3 (yes I know its both 'stale', but I've got no choice) and I would like to know _how_ I can protect an images-directory with an PythonAccessHandler together with my application-/session-based authentification. A bonus would be If I could decide access to specific images bases on user-permissions. I know this is a tricky problem, and in PHP you would have to place the images somewhere inaccessible from the web and stream them through php to the client, after checking the credentials. If we assume mod_php is tuned to serve this fast the performance should be fair, but there is still a small performance-loss because the image is streamed through the PHP-Interpreter. Now mod_python seems to dodge this elegantly by introducing the AccessHandler, but so far I haven't been able to produce something like this, since the documentation regarding those special Handler is really sparse. If you want to attract more user you really need some examples regarding things wich are impossible, difficult or perfomance-costly in other languages/frameworks. Especially for those Python*Handlers, you need _way_more_ examples, so it's obvious why,where and when to use those Handlers. They are a huge bonus, but regarding the documentation they haven't received the attention they deserve. I'm going to hold a 30-minutes presentation on mod_python 3 Weeks from now during a seminar about scripting-languages for Web-Engineering and I would like to show at least _one_ convincing example why and where to use those _special_ handlers. So far I don't know what to tell my fellow students about thist part of mod_python. Afaik it seems like I'm the first guy ever doing a presentation about mod_python. I'm going to set up a more recent version of mod_python on a private box tonight so if you have a solution/small example wich works on a more recent version of mod_python: fire away. Merry christmasa and best regards, -- Marcus Werner <travis at uni-paderborn.de>
|