[英]Secure web requests via Tornado with .htaccess
I have implemented a very small application with Tornado, where HTTP GET Requests are used to perform actions. 我已经使用Tornado实现了一个非常小的应用程序,其中HTTP GET请求用于执行操作。 Now I would like to secure these requests.
现在我想确保这些要求。 What would be a preferable way?
什么是更好的方式? Using .htaccess?
使用.htaccess? How can I realize that?
我怎么能意识到这一点?
It doesn't have to be for certain requests, it should be for all requests running on a certain port. 它不必用于某些请求,它应该适用于在某个端口上运行的所有请求。
If you based your application on the Tornado "Hello World" example then you probably haven't, but you really should consider writing your application as a WSGI
application. 如果您的应用程序基于Tornado“Hello World”示例,那么您可能没有,但您真的应该考虑将您的应用程序编写为
WSGI
应用程序。 Tornado has no problem with that, and the advantage is that your application now will run under a multitude of other environments ( Apache
+ mod_wsgi
to name but one). Tornado对此没有任何问题,其优点是您的应用程序现在可以在多种其他环境下运行(
Apache
+ mod_wsgi
只能命名一个)。
But how does that solve your original problem? 但是,这如何解决您的原始问题? Well, just Google "WSGI authentication middleware", it'll yield plenty of hits.
好吧,只是谷歌“WSGI认证中间件”,它会产生大量的点击率。 Basically, what that entails is transparently 'wrapping' your
WSGI
-application in another, one allowing you to completely decouple that aspect of your application. 基本上,这需要透明地将您的
WSGI
应用程序“包装”在另一个应用程序中,允许您完全解耦应用程序的这一方面。 If you're lucky, and one of hits turns out to be a perfect fit, you might get away with not witing any extra code at all. 如果你很幸运,并且其中一个命中结果非常合适,你可能会完全忘记任何额外的代码。
Since you mentioned .htaccess
: it is possible to have Apache do the authentication in an Apache/mod_wsgi configuration. 既然你提到
.htaccess
: 可以让Apache进行认证,在Apache / mod_wsgi的配置。
.htaccess
files are not supported by Tornado as far as I know. 据我所知,Tornado不支持
.htaccess
文件。 Look into setting up basic authentication on Tornado. 研究在Tornado上设置基本身份验证。 Something like this: https://gist.github.com/660185 is probably what you want.
这样的事情: https : //gist.github.com/660185可能就是你想要的。 You'll need to store your own user credentials however as Tornado has no baked in support for that as apache does with .htaccess files.
您需要存储自己的用户凭据,但是由于Tacheado没有支持,因为apache使用.htaccess文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.