Inside the Head of PyDanny

Hi, I'm Daniel Roy Greenfeld, and welcome to my blog. I write about Python, Django, and much more.

I have a client who wanted their entire unlaunched public content site quickly but temporarily blocked for a short period of time. He wanted a universal password so he could send the site to reviewers, done quickly, and nothing else. In a few days the site will launch, and even if someone got through the authentication, nothing bad will happen except for an early visitor. So we determined this was a job for a very simple Basic access authentication implementation.

I asked around and Jacob Kaplan-Moss gave me this awesome snippet using barrel that I pasted right into the bottom of the Django 1.4-style application's file.

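# Add to the bottom of your file
# Don't forget to add barrel to your requirements!
from barrel import cooper

# Realm string sent with the 401 challenge; the value here is a placeholder.
REALM = 'Restricted'
USERS = [('spam', 'eggs')]

# get_wsgi_application is assumed to be imported earlier in this file.
application = cooper.basicauth(users=USERS, realm=REALM)(get_wsgi_application())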

This took all of 5 minutes to implement and launch. The result is that the first time you visit the site the login prompt appears. If you enter 'spam' and 'eggs' then you can see the site fine.

It worked and the customer was happy.

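Will this block a concerted penetration attempt? Of course not. Basic authentication sends the username and password base64-encoded, not encrypted, with every request, so over plain HTTP anyone on the network path can read them. If the site had critical or identifying information, it would be implemented with HTTPS. Implementing a Django site with HTTPS is something I've done many times now, but this use case was 'do it fast, easy, and make it temporary'.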

Moral of the story: Pay attention to your requirements.

Note: As this is just adding in some WSGI middleware, this should work without much modification in Flask, Pyramid, and other WSGI-compliant web frameworks.
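To show what such a wrapper does at the WSGI level, here is a standard-library-only sketch, added as an example; it is not barrel's implementation or code from the original post. The names `basic_auth`, `site`, `status_for` and the realm value are assumptions; the credentials are the post's 'spam'/'eggs'.

```python
import base64
import hmac

def basic_auth(app, users, realm):
    """Wrap any WSGI app; users maps username -> password (hypothetical helper)."""

    def authorized(header):
        scheme, _, token = header.partition(" ")
        if scheme.lower() != "basic":
            return False
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except ValueError:  # bad base64 or bad UTF-8: treat as unauthenticated
            return False
        username, colon, password = decoded.partition(":")
        expected = users.get(username)
        if not colon or expected is None:
            return False
        # Constant-time comparison so response timing does not leak the password.
        return hmac.compare_digest(password.encode(), expected.encode())

    def middleware(environ, start_response):
        if authorized(environ.get("HTTP_AUTHORIZATION", "")):
            return app(environ, start_response)
        body = b"Authentication required\n"
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % realm),  # triggers the browser prompt
            ("Content-Type", "text/plain"),
            ("Content-Length", str(len(body))),
        ])
        return [body]

    return middleware

def site(environ, start_response):
    """Constructed stand-in for the real application object."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"unlaunched site\n"]

def status_for(app, auth_header=None):
    """Demo helper: call a WSGI app once, return (status, headers dict)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if auth_header is not None:
        environ["HTTP_AUTHORIZATION"] = auth_header
    seen = []
    app(environ, lambda status, headers, exc_info=None: seen.append((status, dict(headers))))
    return seen[0]

protected = basic_auth(site, {"spam": "eggs"}, realm="Preview")
```

Because the wrapper only touches `environ` and `start_response`, the same function can wrap a Django, Flask or Pyramid application object unchanged.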

Published: 2012-07-09 12:00:00

Tags: python django wsgi howto

Content Copyright © 2012-2018 Daniel Greenfeld. Proudly harnessed by Mountain, powered by Flask, and rendered by Frozen Flask, all of which take great advantage of Python.