|
Graham Dumpleton
graham.dumpleton at gmail.com
Thu Jul 23 08:23:28 EDT 2009
2009/7/23 Andrew Smith <andy at robotlovesyou.com>: > Hello Graham > > Thanks for getting back to me > > What I am doing is implementing a form based authentication scheme, which I > want to work for static content as well as dynamic. (hence implementing it > as a handler in python) I don't want to use basic authentication because it > does not offer the security or functionality I require. There are obviously > already forms based authentication systems available but none which either > a) The exact functionality I want, or b) Close enough to modify and coded in > a language I already know. > > Right now the prototype I have is written using mod_python and hooked into > apache using the PythonAccessHandler option. (The PythonAuthenHandler phase > doesn't seem to fire unless apache is configured to use Authentication for a > particular resource, which I guess makes sense.) > > I realise that there will be a performance hit for implementing this using > mod_python but I figure I can manage that by optimising the structure of the > site and ensuring that I only authenticate users for resources which > actually need it. Please use reply-all and keep discussion on list. Have you looked at mod_auth_tkt? Not that it will help you right now, but Apache 2.4 will have a mod_session module along with other modules to help implement SSO across static files and dynamic applications using form based authentication mechanisms with form provided by however you want to provide and in format you want it. What mod_auth_tkt can achieve now is probably now much different. If you have looked at it, why wasn't it suitable? Graham > Thanks > > Andy > > > > On 23 Jul 2009, at 12:06, Graham Dumpleton wrote: > >> 2009/7/23 Andrew Smith <andy at robotlovesyou.com>: >>> >>> Hello >>> >>> I have a couple of questions about the capabilities of mod_python vs >>> mod_wsgi. >>> >>> My current (mis?)understanding is that mod_wsgi does not allow me to >>> provide >>> handlers for apache stages such as PostReadRequest or Authz in the same >>> way >>> that mod_python does, >> >> Correct. >> >>> though I understand that I can create a mod_wsgi Authentication provider. >> >> As well as custom group authorization mechanism. >> >>> So my questions are 1)Is my understanding of the situation correct >> >> Close enough. >> >>> and 2) Are there any future plans for mod_wsgi to allow developers to >>> plug >>> into the apache processing pipeline in the same way that mod_python does >>> now? >> >> Undecided. >> >> Is interesting challenge, but a huge amount of effort for something >> that would be used by a handful of people. >> >> From what I have seen people use various handler phases for, they >> would in many cases be able to achieve the same thing using >> mod_headers, mod_rewrite or other custom Apache modules, much more >> easily and much more efficiently. Although Python makes writing >> content handler nicer, the overhead of Python makes it a very poor >> choice for other handler phases and input/output filters. >> >> My question therefore is, what are you trying to do and why do you >> think that Python would be a good way of doing it? In what ways don't >> other Apache modules already do what you want, or allow you a means of >> doing it? >> >> Graham > >
|