Secure web requests via Tornado with .htaccess
Question
I have implemented a very small application with Tornado, where HTTP GET Requests are used to perform actions. Now I would like to secure these requests. What would be a preferable way? Using .htaccess? How can I realize that?
It doesn't have to be for certain requests, it should be for all requests running on a certain port.
2 answers
solution1
2 ACCPTED 2012-12-10 00:57:13
If you based your application on the Tornado "Hello World" example then you probably haven't, but you really should consider writing your application as a WSGI application. Tornado has no problem with that, and the advantage is that your application now will run under a multitude of other environments ( Apache + mod_wsgi to name but one).
But how does that solve your original problem? Well, just Google "WSGI authentication middleware", it'll yield plenty of hits. Basically, what that entails is transparently 'wrapping' your WSGI -application in another, one allowing you to completely decouple that aspect of your application. If you're lucky, and one of hits turns out to be a perfect fit, you might get away with not witing any extra code at all.
Since you mentioned .htaccess : it is possible to have Apache do the authentication in an Apache/mod_wsgi configuration.
solution2
1 2012-12-09 18:18:53
.htaccess files are not supported by Tornado as far as I know. Look into setting up basic authentication on Tornado. Something like this: https://gist.github.com/660185 is probably what you want. You'll need to store your own user credentials however as Tornado has no baked in support for that as apache does with .htaccess files.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.