I wrote a CherryPy server to make file downloads easier, and I used CherryPy's auth digest to authenticate it. The configuration is as follows:
conf = {
    '/getXML': {
        'tools.auth_digest.on': True,
        'tools.auth_digest.realm': None,
        'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(USERS),
        'tools.auth_digest.key': <some_key>
    }
}
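What is the purpose of this key?
Also, after a successful authentication, when I hit the server again it remembers the login and does not prompt for credentials again. How can I ask for credentials on every request, without the login being remembered?
Answer 0 (score: 0)
Think of the key as a session ID. You generate it once the user visits your site...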
import secrets, string  # secrets draws from the OS CSPRNG, unlike random
cherrypy.session['_csrf_token'] = ''.join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(16))
Then you set that ID in the user's cookie and compare the two keys to make sure you have the same user. That is the concept behind using the 'tools.sessions.on': True setting in CherryPy. This lets you recognize a user from one page to the next in a stateless environment such as HTTP.

validate_nonce(s, key)
Validate the nonce. Returns True if nonce was generated by synthesize_nonce() and the timestamp is not spoofed, else returns False.
s: A string related to the resource, such as the hostname of the server.
key: A secret string known only to the server.
Both s and key must be the same values which were used to synthesize the nonce we are trying to validate.

It does not appear to be possible to force a logout with auth digest...
https://groups.google.com/d/msg/cherrypy-users/M-GUFH2mU_M/45zHnA5Y6XMJ
Here are more details on digest authentication...
What is digest authentication?
But here is a simple authentication where you can force a logout...
How to logout from a simple web appl. in CherryPy, Python
Hope this helps!
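
The role of the key as the validate_nonce documentation quoted above describes it, as an added example that is not part of the original answer and is not CherryPy's own code: the server derives each nonce from a timestamp, the resource string s and the secret key, so it can later recognize nonces it issued without storing them. The sketch assumes HMAC-SHA256 as the binding function and passes the nonce as an explicit argument; the function bodies and sample values are constructed for illustration.

```python
import hashlib
import hmac
import time


def synthesize_nonce(s, key, timestamp=None):
    """Return 'timestamp:tag', where tag binds timestamp and s to the secret key."""
    if timestamp is None:
        timestamp = int(time.time())
    msg = f"{timestamp}:{s}".encode()
    tag = hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()
    return f"{timestamp}:{tag}"


def validate_nonce(nonce, s, key):
    """True only if nonce was built by synthesize_nonce() with the same s and key.

    Illustrative signature: the nonce is an explicit first argument here.
    """
    timestamp, sep, _tag = nonce.partition(":")
    if not sep or not (timestamp.isascii() and timestamp.isdigit()):
        return False
    # Recompute the nonce from the claimed timestamp; a client that edits the
    # timestamp cannot produce a matching tag without knowing the key.
    expected = synthesize_nonce(s, key, int(timestamp))
    return hmac.compare_digest(expected.encode(), nonce.encode())


def demo():
    key = "constructed-server-secret"   # constructed sample value
    s = "files.example.test"            # constructed sample value
    nonce = synthesize_nonce(s, key, timestamp=1700000000)
    ts, tag = nonce.split(":")
    spoofed = f"{int(ts) + 3600}:{tag}"  # same tag, altered timestamp
    return {
        "genuine": validate_nonce(nonce, s, key),
        "spoofed_timestamp": validate_nonce(spoofed, s, key),
        "other_key": validate_nonce(nonce, s, "guessed-key"),
        "other_s": validate_nonce(nonce, "other.example.test", key),
    }


if __name__ == "__main__":
    print(demo())
```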