堆栈内存溢出
  简体   繁体   English

我如何检查管理员用户是否已登录django网站或未登录NGINX

[英]how can i check that a admin user is logged into django website or not into NGINX

 原文  2013-11-29 13:23:23       django/ cookies/ nginx

问题描述

I want to see that admin user is logged in or not into nginx.conf file . 我想查看管理员用户是否已登录nginx.conf文件。
I need this for my specific requirement. 我需要这个来满足我的特定要求。 My Try : 我的尝试: 

I tried to fetch COOKIES into nginx.conf file.
but when admin is logged out so cookies are changed so i am not able figure out that if a admin is logged in or not.

1 个解决方案

解决方案1
 0  2013-11-30 01:00:44

As far as I know this is not possible. 据我所知这是不可能的。

Django uses encrypted cookies by default and stores all data in the session table in the DB (also encrypted). Django默认使用加密的cookie,并将所有数据存储在数据库的会话表中(也已加密)。 You could check if the user has a cookie set in nginx but you won't be able to verify if that cookie value actually means "Admin" or "random other cookie value". 您可以检查用户是否在nginx中设置了cookie,但是您将无法验证该cookie值实际上是“ Admin”还是“ random other cookie value”。

Also unless you're using custom nginx modules to check the contents of the cookie you run the risk of someone managing to trick nginx into thinking the user is an admin when that is not the case. 另外,除非您使用自定义的nginx模块检查cookie的内容,否则您将冒着诱使某人设法欺骗nginx认为用户是管理员的风险。

I'm not sure what the use case is here but you could try doing something with the django middleware or looking for third party plugins instead of using nginx. 我不确定这里的用例是什么,但是您可以尝试使用django中间件或寻找第三方插件来代替使用nginx。

If you want to limit file access to a specific file, eg admin-only images/javascript/data files or such you could try the HttpAccessKeyModule for Nginx and just generate a custom 'url' for your admin to access them. 如果要将文件访问限制为特定文件,例如仅管理员的图像/ javascript /数据文件,则可以尝试HttpAccessKeyModule for Nginx并为管理员生成一个自定义“ url”以访问它们。

You can also try looking into: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html and see about delegating the check to some part of Django which just returns Yes or No to nginx. 您还可以尝试查看以下内容: http : //nginx.org/zh-CN/docs/http/ngx_http_auth_request_module.html,并了解将检查委托给Django的某些部分,该部分仅对nginx返回Yes或No。

There might be another nginx plugin somewhere which you can add/enable for an admin user from within django. 某个地方可能还有另一个Nginx插件,您可以在Django中为管理员用户添加/启用该插件。 But this requires you to think the other way around. 但这需要您反过来思考。 With django telling nginx the user is an admin. 使用django告诉nginx的用户是管理员。 Instead of nginx finding it out itself. 而不是nginx自己发现它。

Hope this helps you in some way. 希望这对您有所帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 Django 中检查登录用户的登录情况? - How can check logged user for signin in django? 如何在 Django 管理面板中获取当前登录的用户 ID? - How can I get current logged User id in Django Admin Panel? 如何检查Django是否登录了“不同”用户? - How do I check if a 'different' user is logged in in django? 当新用户使用django在网站中注册时,如何向管理员发送电子邮件以进行批准或拒绝? - How can I send email to admin for approval or deny, When new user register in website using django? Django - 如何根据当前登录的用户在管理面板中默认填充 model 的用户字段? - Django - How do I populate the user field of a model by default in the admin panel based on the current user logged in? 如何在 django 令牌认证中检查用户是否登录? - How to check if a user is logged in, in django token authentication? 如何检查用户是否在 Django 中登录? - how to check whether a user is logged in in django? 如何检查哪个用户使用Django登录? - How to check which user is logged in with Django? 通过登录用户过滤django admin - Filter django admin by logged in user Django-如何获取当前登录用户以在django admin中进行填充? - Django - How to get current logged in user to populate in django admin?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM