[Esapi-python] Middleware and integration with frameworks
Craig Younkins
craig.younkins at owasp.org
Wed Jul 22 15:34:07 EDT 2009
When designing ESAPI on Python, I aim to be framework agnostic.
Unfortunately, independence from the framework is difficult to achieve,
particularly in a language like Python where things like HttpRequest objects
are not as standardized as they are in Java. You can compare the request and
response object interfaces for Django
<http://docs.djangoproject.com/en/dev/ref/request-response/> and Pylons
<http://pylonshq.com/docs/en/0.9.7/thirdparty/webob/#module-webob>.
Another issue I'm looking at while handling the User and Authenticator parts
of ESAPI is middleware integration. While there is PEP 333
<http://www.python.org/dev/peps/pep-0333/#questions-and-answers>,
the WSGI standard, it seems that Django
<http://docs.djangoproject.com/en/dev/topics/http/middleware/#topics-http-middleware>
takes a different approach while
Pylons <http://pylonshq.com/docs/en/0.9.7/concepts/#id1> embraces the spec.
Middleware seems to be an ideal place to do authentication and permissions
management, and the Django default authentication middleware
<http://docs.djangoproject.com/en/dev/topics/auth/> is
absolutely beautiful and elegant in use. Most of me wants to duplicate
the elegance of the Django auth middleware, but keep it available to Pylons
as well. Is this even possible?
Does anyone have ideas for how to help maintain framework agnosticism? Also,
what framework have *you* used in your Python web application adventures?
Thanks for any ideas!
Craig Younkins
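
A PEP 333 authentication middleware of the kind the message refers to, as an added example that is not part of the original message and is not ESAPI code: it authenticates at the WSGI layer and hands the identity on through `environ`, the one interface WSGI defines for every framework. The `user.hexmac` cookie format, the `session` cookie name, the key, and the `sign`, `verify`, `demo_app` and `call` helpers are assumptions made for the example.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: real key comes from protected config

def sign(user, key=SECRET):
    """Build a 'user.hexmac' session token (hypothetical format for this demo)."""
    return user + "." + hmac.new(key, user.encode(), hashlib.sha256).hexdigest()

def verify(token, key=SECRET):
    """Return the user name when the token's MAC checks out, else None."""
    user, sep, mac = token.rpartition(".")
    if not sep or not user:
        return None
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(mac.encode(), expected.encode()) else None

class AuthMiddleware:
    """PEP 333 middleware: wraps any WSGI callable, whichever framework built it."""
    def __init__(self, app, public_paths=("/login",)):
        self.app, self.public_paths = app, public_paths

    def __call__(self, environ, start_response):
        environ.pop("REMOTE_USER", None)  # drop any identity set outside this layer
        morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("session")
        user = verify(morsel.value) if morsel else None
        if user:
            environ["REMOTE_USER"] = user  # the framework reads identity from environ
        elif environ.get("PATH_INFO", "") not in self.public_paths:
            body = b"authentication required"
            start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                                ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Stand-in for the WSGI application a framework would expose."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ.get("REMOTE_USER", "anonymous")).encode()]

def call(app, path, cookie=None, **extra):
    """Drive a WSGI app with a constructed environ; return (status, body)."""
    environ = dict(REQUEST_METHOD="GET", PATH_INFO=path, **extra)
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

The comparison uses `hmac.compare_digest` so that verification time does not depend on how many leading characters of a forged MAC are correct.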