堆栈内存溢出
  简体   繁体   English

通过.htaccess通过Tornado保护Web请求

[英]Secure web requests via Tornado with .htaccess

 原文  2012-12-09 17:58:41       python/ .htaccess/ authorization/ tornado

问题描述

I have implemented a very small application with Tornado, where HTTP GET Requests are used to perform actions. 我已经使用Tornado实现了一个非常小的应用程序,其中HTTP GET请求用于执行操作。 Now I would like to secure these requests. 现在我想确保这些要求。 What would be a preferable way? 什么是更好的方式? Using .htaccess? 使用.htaccess? How can I realize that? 我怎么能意识到这一点?

It doesn't have to be for certain requests, it should be for all requests running on a certain port. 它不必用于某些请求,它应该适用于在某个端口上运行的所有请求。

2 个解决方案

解决方案1
 2 已采纳  2012-12-10 00:57:13

If you based your application on the Tornado "Hello World" example then you probably haven't, but you really should consider writing your application as a WSGI application. 如果您的应用程序基于Tornado“Hello World”示例,那么您可能没有,但您真的应该考虑将您的应用程序编写为WSGI应用程序。 Tornado has no problem with that, and the advantage is that your application now will run under a multitude of other environments ( Apache + mod_wsgi to name but one). Tornado对此没有任何问题,其优点是您的应用程序现在可以在多种其他环境下运行( Apache + mod_wsgi只能命名一个)。

But how does that solve your original problem? 但是,这如何解决您的原始问题? Well, just Google "WSGI authentication middleware", it'll yield plenty of hits. 好吧,只是谷歌“WSGI认证中间件”,它会产生大量的点击率。 Basically, what that entails is transparently 'wrapping' your WSGI -application in another, one allowing you to completely decouple that aspect of your application. 基本上,这需要透明地将您的WSGI应用程序“包装”在另一个应用程序中,允许您完全解耦应用程序的这一方面。 If you're lucky, and one of hits turns out to be a perfect fit, you might get away with not witing any extra code at all. 如果你很幸运,并且其中一个命中结果非常合适,你可能会完全忘记任何额外的代码。

Since you mentioned .htaccess : it is possible to have Apache do the authentication in an Apache/mod_wsgi configuration. 既然你提到.htaccess可以让Apache进行认证,在Apache / mod_wsgi的配置。

解决方案2
 1  2012-12-09 18:18:53

.htaccess files are not supported by Tornado as far as I know. 据我所知,Tornado不支持.htaccess文件。 Look into setting up basic authentication on Tornado. 研究在Tornado上设置基本身份验证。 Something like this: https://gist.github.com/660185 is probably what you want. 这样的事情: https//gist.github.com/660185可能就是你想要的。 You'll need to store your own user credentials however as Tornado has no baked in support for that as apache does with .htaccess files. 您需要存储自己的用户凭据,但是由于Tacheado没有支持,因为apache使用.htaccess文件。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Tornado Web中的请求之间共享数据 - How to share data between requests in Tornado Web 删除龙卷风中的安全Cookie - Deleting a Secure Cookie in tornado 龙卷风安全websocket超时 - Tornado secure websocket timeout 如何使用通过安全cookie对用户进行身份验证的测试龙卷风服务器处理程序 - How to use a test tornado server handler that authenticates a user via a secure cookie 龙卷风web http请求阻止其他请求,如何不阻止其他请求 - tornado web http request blocks other requests, how to not block other requests Tornado阻止异步请求 - Tornado blocking asynchronous requests 龙卷风长时间轮询请求 - Tornado long polling requests 龙卷风分析请求 - Tornado analyse requests 带有龙卷风的JSONp请求 - JSONp requests with tornado Tornado set_secure_cookie - Tornado set_secure_cookie
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM