<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Securing a WebStack Application</title>
  <meta name="generator"
  content="amaya 8.1a, see http://www.w3.org/Amaya/" />
  <link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Securing a WebStack Application</h1>
<p>Making sure that Web applications are "secure" involves many
different
aspects of application design, deployment and administration. This
guide currently only covers the usage of the authentication features of
the WebStack API.</p>
<h2>Authentication in WebStack</h2>
<p>There are two principal methods of introducing authentication and
applying
access control to WebStack applications:</p>
<ul>
  <li><a href="authenticators.html">Application-Wide Authenticators</a></li>
  <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>
</ul>
<p>Here is a comparison of the features of these mechanisms:</p>
<table border="1" cellpadding="5" cellspacing="0">
  <tbody>
    <tr>
      <td></td>
      <th>Application-Wide Authenticators</th>
      <th>LoginRedirect and Login Modules</th>
    </tr>
    <tr>
      <th>Deployment</th>
      <td>
      <ul>
        <li>Some Web server configuration required.</li>
        <li>The application only requires an additional object to be
instantiated to support authentication.</li>
      </ul>
      </td>
      <td>
      <ul>
        <li>An additional login application or resource must be
deployed.</li>
      </ul>
      </td>
    </tr>
    <tr>
      <th>Flexibility</th>
      <td>
      <ul>
        <li>The user experience may seem too inflexible or unfriendly -
users may only get the login dialogue.</li>
        <li>There is also probably no logout function, since it
requires browser support.</li>
        <li>HTTP-style authentication is well understood and supported
when automating client access.</li>
      </ul>
      </td>
      <td>
      <ul>
        <li>The login and logout activities can be customised to suit
the appearance of the rest of the application.</li>
        <li>Many applications can share the same login application,
providing a "single sign-on" experience and potentially reduced
administrative overhead.</li>
      </ul>
      </td>
    </tr>
  </tbody>
</table>
</body>
</html>