Creating a secure REST service

We can break application security down into two considerations: authentication and authorization. We need to know who the user is and we need to be sure that the user is authorized to execute the particular WSGI application. This is handled relatively simply using both the HTTP Authorization header for credentials and SSL to ensure an encrypted transmission of these credentials.

If we use SSL, we can simply use the HTTP Basic Authorization mode. This version of the Authorization header can include a username and password in each request. For more elaborate measures, we can use HTTP Digest Authorization, which requires an exchange with the server to get a piece of data called a nonce that's used to create the digest in a more ...
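A sketch of the Basic mode described above as WSGI middleware (an added example, not code from the book). The names `BasicAuth`, `admin_only`, `status_for` and the `demo.roles` environ key are assumptions, as are the PBKDF2-hashed user store and a server that sets `wsgi.url_scheme` to `https` for SSL requests.

```python
import base64, binascii, hashlib, hmac, os
TEXT = [("Content-Type", "text/plain")]

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_user(password, roles):
    salt = os.urandom(16)
    return salt, hash_password(password, salt), frozenset(roles)

class BasicAuth:
    """WSGI middleware: authenticate with HTTP Basic, pass roles on for authorization."""
    def __init__(self, app, users, realm="demo"):
        self.app, self.users, self.realm = app, users, realm
        self.dummy = make_user("placeholder", ())  # hashed for unknown users to even out timing

    def credentials(self, environ):
        scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":  # Basic is only base64: refuse plaintext
            start_response("403 Forbidden", TEXT)
            return [b"HTTPS required\n"]
        user, password = self.credentials(environ) or ("", "")
        salt, expected, roles = self.users.get(user, self.dummy)
        ok = hmac.compare_digest(hash_password(password, salt), expected)
        if ok and user in self.users:
            environ["REMOTE_USER"], environ["demo.roles"] = user, roles
            return self.app(environ, start_response)
        challenge = ("WWW-Authenticate", f'Basic realm="{self.realm}"')
        start_response("401 Unauthorized", TEXT + [challenge])
        return [b"Authentication required\n"]

def admin_only(environ, start_response):  # inner app: the authorization decision
    allowed = "admin" in environ["demo.roles"]
    start_response("200 OK" if allowed else "403 Forbidden", TEXT)
    return [b"ok\n" if allowed else b"forbidden\n"]

def status_for(app, header="", scheme="https"):  # constructed environ -> status line
    seen = []
    app({"wsgi.url_scheme": scheme, "HTTP_AUTHORIZATION": header}, lambda s, h: seen.append(s))
    return seen[0]
```

The middleware answers 401 when it cannot establish who the user is, and the wrapped application answers 403 when a known user lacks the role, which keeps the two considerations separate.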
