At every traversal step, the Publisher handler checks for the presence
of an __auth__ attribute. If found, it will be called with three
arguments: the Request object, a string containing the user name and a
string containing the password. If the return value of __auth__ is
false, then HTTP_UNAUTHORIZED is returned to the client (which will
usually cause a password dialog box to appear).
If there exists an __auth_realm__ string, it will be sent to the client
as Authorization Realm (this is the text that usually appears at the
top of the password dialog box).
Since functions cannot be assigned attributes, to protect a function,
an __auth__ function can be defined within the function, e.g.:
    def sensitive(req):

        def __auth__(req, user, password):
            if user == 'spam' and password == 'eggs':
                # let them in
                return 1
            else:
                # no access
                return 0

        # something involving sensitive information
        return 'sensitive information'
The most common use will probably be defining an __auth__ function and
an __auth_realm__ string at the module level.
NOTE: In order for mod_python to call the __auth__ function, the module
must first be imported. Therefore, any module-level code will get
executed during the import even if __auth__ returns false. To truly
protect the module from being accessed, use other authentication
mechanisms, e.g. the Apache mod_auth module or a mod_python
PythonAuthenHandler handler.
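
The ordering described in the NOTE, shown as an added example that is not mod_python's own code: a simplified model of "import first, then consult __auth__". The names load_module, handle, MODULE_SOURCE and import_log are hypothetical, and the module source is constructed for the demonstration using the sample credentials above.

```python
import types

# Constructed source of a published module: module-level __auth__ and
# __auth_realm__, plus module-level code that runs at import time.
MODULE_SOURCE = '''
import hmac

__auth_realm__ = "Members only"
import_log = []
import_log.append("module-level code ran")  # runs on import, before any auth check

def __auth__(req, user, password):
    # Constant-time comparison of the page's sample credentials.
    ok_user = hmac.compare_digest(user.encode(), b"spam")
    ok_pass = hmac.compare_digest(password.encode(), b"eggs")
    return 1 if (ok_user and ok_pass) else 0

def report(req):
    # Sensitive work belongs here, behind the check, not at module level.
    return "sensitive information"
'''


def load_module(source, name="protected"):
    """Import step: executing the module body cannot be skipped."""
    mod = types.ModuleType(name)
    exec(compile(source, name + ".py", "exec"), mod.__dict__)
    return mod


def handle(source, func_name, user, password, req=None):
    """Simplified model (an assumption, not the publisher's code):
    import the module, then consult __auth__, then call the target."""
    mod = load_module(source)
    auth = getattr(mod, "__auth__", None)
    if auth is not None and not auth(req, user, password):
        realm = getattr(mod, "__auth_realm__", "")
        return ("HTTP_UNAUTHORIZED", realm, mod.import_log)
    return ("OK", getattr(mod, func_name)(req), mod.import_log)


if __name__ == "__main__":
    # Wrong password: access is refused, yet the import side effect is recorded.
    print(handle(MODULE_SOURCE, "report", "spam", "wrong"))
    print(handle(MODULE_SOURCE, "report", "spam", "eggs"))
```

With a wrong password the result is HTTP_UNAUTHORIZED together with the realm string, but import_log already holds the entry written by the module-level code.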