Django, global variables and tokens

Question

I'm using django to develop a website. On the server side, I need to transfer some data that must be processed on the second server (on a different machine). I then need a way to retrieve the processed data. I figured that the simplest would be to send back to the Django server a POST request, that would then be handled on a view dedicated for that job.

But I would like to add some minimum security to this process: When I transfer the data to the other machine, I want to join a randomly generated token to it. When I get the processed data back, I expect to also get back the same token, otherwise the request is ignored.

My problem is the following: How do I store the generated token on the Django server?

• I could use a global variable, but I had the impression browsing here and there on the web, that global variables should not be used for safety reason (not that I understand why really).
• I could store the token on disk/database, but it seems to be an unjustified waste of performance (even if in practice it would probably not change much).

Is there third solution, or a canonical way to do such a thing using Django?

Answer 1

You can store your token in django cache, it will be faster from database or disk storage in most of the cases.

Another approach is to use redis.

You can also calculate your token:

1. save some random token in settings of both servers

2. calculate token based on current timestamp rounded to 10 seconds, for example using:

   token = hashlib.sha1(secret_token) token.update(str(rounded_timestamp)) token = token.hexdigest()

3. if token generated on remote server when POSTing request match token generated on local server, when getting response, request is valid and can be processed.

Answer 2

The simple obvious solution would be to store the token in your database. Other possible solutions are Redis or something similar. Finally, you can have a look at distributed async tasks queues like Celery...