{ "info": { "author": "Wichert Akkerman", "author_email": "plone-developers@lists.sourceforge.net", "bugtrack_url": null, "classifiers": [ "Framework :: Plone", "Framework :: Zope2", "Framework :: Zope3", "Programming Language :: Python", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "Introduction\n============\n\nThis package contains utilities that can help to protect parts of Plone\nor applications build on top of the Plone framework.\n\n\nprotect decorator\n=================\n\nThe most common way to use plone.app.protect is through the ``protect``\ndecorator. This decorator takes a list of *checkers* as parameters: each\nchecker will check a specific security aspect of the request. For example::\n\n from plone.app.protect import protect\n from plone.app.protect import PostOnly\n\n @protect(PostOnly)\n def SensitiveMethod(self, REQUEST=None):\n # This is only allowed with HTTP POST requests.\n\nThis relies on the protected method having a parameter called REQUEST.\n\nHTTP POST\n=========\n\nIf you only need to allow HTTP POST requests you can use the *PostOnly*\nchecker::\n\n from plone.app.protect import PostOnly\n from plone.app.protect import protect\n\n @protect(PostOnly)\n def manage_doSomething(self, param, REQUEST=None):\n pass\n\nThis checker only operators on HTTP requests; other types of requests\nare not checked.\n\n\nForm authentication\n===================\n\nA common problem in web applications is Cross Site Request Forgery or CSRF.\nThis is an attack method in which an attacker tricks a browser to do a HTTP\nform submit to another site. To do this the attacker needs to know the exact\nform parameters. Form authentication is a method to make it impossible for an\nattacker to predict those parameters by adding an extra authenticator which\ncan be verified.\n\nTo use the form authenticator you first need to insert it into your form.\nThis can be done using a simple TAL statement inside your form::\n\n \n\nthis will produce a HTML input element with the authentication information.\nNext you need to add logic somewhere to verify the authenticator. This\ncan be done using a call to the authenticator view. For example::\n\n authenticator=getMultiAdapter((request, context), name=u\"authenticator\")\n if not authenticator.verify():\n raise Unauthorized\n\nYou can do the same thing more conveniently using the ``protect`` decorator::\n\n from plone.app.protect import CheckAuthenticator\n from plone.app.protect import protect\n\n @protect(CheckAuthenticator)\n def manage_doSomething(self, param, REQUEST=None):\n pass\n\n\n\n\nChangelog\n=========\n\n1.0b1 - March 7, 2008\n---------------------\n\n- Refactor the code to offer a generic protect decorator for methods\n which takes a list of checkers as options. Add checkers for both the\n authenticator verification and HTTP POST-only.\n [wichert]\n\n\n1.0a1 - January 27, 2008\n------------------------\n\n- Initial release\n [wichert]", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://svn.plone.org/svn/plone/plone.app.protect", "keywords": "plone security CSFS", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "plone.app.protect", "package_url": "https://pypi.org/project/plone.app.protect/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/plone.app.protect/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://svn.plone.org/svn/plone/plone.app.protect" }, "release_url": "https://pypi.org/project/plone.app.protect/1.0b1/", "requires_dist": null, "requires_python": null, "summary": "Security for browser forms", "version": "1.0b1" }, "last_serial": 796370, "releases": { "1.0a1": [ { "comment_text": "", "digests": { "md5": "f46fab3e1874a5dda4b8b01ccf799206", "sha256": "05974307460fd4f13b95301b7dd7f15ea6e97e051a79bfaf442bf7149b426670" }, "downloads": -1, "filename": "plone.app.protect-1.0a1-py2.4.egg", "has_sig": false, "md5_digest": "f46fab3e1874a5dda4b8b01ccf799206", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 14139, "upload_time": "2008-01-27T10:30:26", "url": "https://files.pythonhosted.org/packages/5a/d6/c566ddfd56b92816fc6fec78c4d2213eda4e7ca670d1b9bb2785599f84e9/plone.app.protect-1.0a1-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "5656b6acc9d49955bdac97ca5b207cfa", "sha256": "b25344849220fb7640e17aca9b799370f78a95d00f125d72cfd13bcd497d69b1" }, "downloads": -1, "filename": "plone.app.protect-1.0a1.tar.gz", "has_sig": false, "md5_digest": "5656b6acc9d49955bdac97ca5b207cfa", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10030, "upload_time": "2008-01-27T10:30:26", "url": "https://files.pythonhosted.org/packages/a4/39/fb0920f1fd598f064ed1a1d4e52b796b8ff121a98b0bdc72c548b22fd9e5/plone.app.protect-1.0a1.tar.gz" } ], "1.0b1": [ { "comment_text": "", "digests": { "md5": "4b77fb399467ee7b33ac25586f75c465", "sha256": "89a775eb1cb9cf3986b643c08a2cbf726367d872fce1bf7598fea29b05d91290" }, "downloads": -1, "filename": "plone.app.protect-1.0b1-py2.4.egg", "has_sig": false, "md5_digest": "4b77fb399467ee7b33ac25586f75c465", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 18167, "upload_time": "2008-03-07T22:29:16", "url": "https://files.pythonhosted.org/packages/99/be/454e9d79584f64c016c027fc6d7c5e68ac336e1823d0b07627abc56866b6/plone.app.protect-1.0b1-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "65322b5550aa12102ba01d4d46a0843c", "sha256": "2a9666ee821f22b8aad56d48aeb8ae722aa00fa4ed263ca18107cc888c4db5b4" }, "downloads": -1, "filename": "plone.app.protect-1.0b1.tar.gz", "has_sig": false, "md5_digest": "65322b5550aa12102ba01d4d46a0843c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12199, "upload_time": "2008-03-07T22:29:16", "url": "https://files.pythonhosted.org/packages/60/29/e5f4d720d636846ffcca5900de54deb86b07caf3df07b4a7ab3a4d31ab11/plone.app.protect-1.0b1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "4b77fb399467ee7b33ac25586f75c465", "sha256": "89a775eb1cb9cf3986b643c08a2cbf726367d872fce1bf7598fea29b05d91290" }, "downloads": -1, "filename": "plone.app.protect-1.0b1-py2.4.egg", "has_sig": false, "md5_digest": "4b77fb399467ee7b33ac25586f75c465", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 18167, "upload_time": "2008-03-07T22:29:16", "url": "https://files.pythonhosted.org/packages/99/be/454e9d79584f64c016c027fc6d7c5e68ac336e1823d0b07627abc56866b6/plone.app.protect-1.0b1-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "65322b5550aa12102ba01d4d46a0843c", "sha256": "2a9666ee821f22b8aad56d48aeb8ae722aa00fa4ed263ca18107cc888c4db5b4" }, "downloads": -1, "filename": "plone.app.protect-1.0b1.tar.gz", "has_sig": false, "md5_digest": "65322b5550aa12102ba01d4d46a0843c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12199, "upload_time": "2008-03-07T22:29:16", "url": "https://files.pythonhosted.org/packages/60/29/e5f4d720d636846ffcca5900de54deb86b07caf3df07b4a7ab3a4d31ab11/plone.app.protect-1.0b1.tar.gz" } ] }