Authentication with CherryPy

Time: 2017-04-17 03:53:41

Tags: python cherrypy

This page of the CherryPy documentation contains the following code snippet:

import cherrypy
from cherrypy.lib import auth_digest

USERS = {'jon': 'secret'}

conf = {
    '/protected/area': {
        'tools.auth_digest.on': True,
        'tools.auth_digest.realm': 'localhost',
        'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(USERS),
        'tools.auth_digest.key': 'a565c27146791cfb'
    }
}

# myapp is the application root object, defined elsewhere
cherrypy.quickstart(myapp, '/', conf)

What do the 4 items starting with tools.auth_digest mean?

1 answer:

Answer 0 (score: 0)

Digest is an authentication mechanism that is slightly more secure than basic authentication; see the definition here: What is digest authentication?

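I looked at the CherryPy source code to see whether there was any documentation on what the parameters mean; from this file, it says the parameters are: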

realm
    A string containing the authentication realm.

get_ha1
    A callable which looks up a username in a credentials store
    and returns the HA1 string, which is defined in the RFC to be
    MD5(username : realm : password).  The function's signature is:
    ``get_ha1(realm, username)``
    where username is obtained from the request's 'authorization' header.
    If username is not found in the credentials store, get_ha1() returns
    None.

key
    A secret string known only to the server, used in the synthesis of nonces.

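The on flag (hopefully obviously) just enables digest authentication and forces it to look for digest parameters rather than basic auth parameters.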

Note that the get_ha1 parameter is a callable; from searching the file, there are 3 versions:

get_ha1_dict_plain
get_ha1_dict
get_ha1_file_htdigest

They have appropriate docstrings if you want to know exactly how they work.

Hope this helps!
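Added example, not part of the original answer and not CherryPy's own code: a standard-library sketch of what a callable with the get_ha1(realm, username) signature returns and how a server can check a digest response from a stored HA1 instead of a plaintext password. The helper names (make_ha1, get_ha1_from_store, expected_response, verify, client_fields) and the nonce values are hypothetical, and nonce validation with the server key is left out.

```python
import hashlib
import hmac

REALM = "localhost"  # realm from the question's config


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_ha1(username, realm, password):
    # HA1 as described in the docstring: MD5(username:realm:password)
    return md5_hex(f"{username}:{realm}:{password}")


def get_ha1_from_store(store):
    # store maps username -> precomputed HA1, so no plaintext password is kept
    def get_ha1(realm, username):
        return store.get(username)  # None when the user is not in the store
    return get_ha1


def expected_response(ha1, method, fields):
    # RFC 2617 request-digest for qop=auth
    ha2 = md5_hex(f"{method}:{fields['uri']}")
    return md5_hex(":".join([ha1, fields["nonce"], fields["nc"],
                             fields["cnonce"], "auth", ha2]))


def verify(get_ha1, realm, method, fields):
    ha1 = get_ha1(realm, fields["username"])
    if ha1 is None:
        return False
    return hmac.compare_digest(expected_response(ha1, method, fields),
                               fields["response"])


def client_fields(username, password, method="GET"):
    # Constructed sample of what a client would send; nonce values are made up
    fields = {"username": username, "uri": "/protected/area",
              "nonce": "constructed-nonce", "nc": "00000001",
              "cnonce": "constructed-cnonce"}
    fields["response"] = expected_response(
        make_ha1(username, REALM, password), method, fields)
    return fields


# Server-side store built once from the question's USERS = {'jon': 'secret'}
STORE = {"jon": make_ha1("jon", REALM, "secret")}
lookup = get_ha1_from_store(STORE)
```

Because HA1 includes the realm, a stored HA1 is only valid for the realm it was computed with; changing tools.auth_digest.realm means recomputing the store.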