Re: Question re: auth-n

by Nick Joyce

On 27 Apr 2009, at 02:44, Chris Wolf wrote:

>
> I was hoping to use RemoteObject to access AMF services.
>
> ...but a note here:
>
> http://pyamf.org/wiki/AuthenticationHowto
>
> ...says "RemoteObject is not supported yet, so requests can be made to
> your services without having the authenticator called."
>
> Does this mean PyAMF is not secure?  I want to deploy services that
> require authentication.

Check http://lists.pyamf.org/archives/users/2009-April/001433.html for  
background information about this issue.

PyAMF is meant to be a Python library that provides AMF en/decoding  
support. The remoting and gateway modules are useful add-ons and allow  
PyAMF to integrate nicely with web based frameworks (WSGI, Django,  
Twisted, etc.).

Since PyAMF doesn't have the support structure to support  
authorisation in RemoteObject, the generally accepted way is to roll  
your own - or integrate with the web framework that you are using. It  
appears that you are using Django so I would check a very good  
tutorial written by Joel Hooks - http://joelhooks.com/2008/09/21/django-authorization-from-flex-air-actionscript-via-pyamf/

All this is made possible because the Flash player supports HTTP  
session cookies in remoting requests (RemoteObject or otherwise).

> Looking at the other sample, I see something called "WSGIGateway" is
> used.  Should I use that instead of DjangoGateway?

The various gateway implementations allow a smooth integration of  
PyAMF with WSGI, Twisted, Django, Pylons, etc. So if you are using  
Django - you can use WSGI (as Django supports that) but DjangoGateway  
provides the best integration.

> Then I see a sample using Flex's RemoteObject, but with  
> authentication:
> http://pyamf.org/browser/examples/trunk/authentication/flash/flex/remoteobject/src/authentication.mxml
>
> I thought this didn't work?

If you run the example you will find the 'onFault' handler is fired  
(with an error saying PyAMF doesn't support auth in RO).

> The other sample uses flash code :
>
> import flash.net.NetConnection;
> import flash.net.Responder;
>
> rather than MXML RemoteObject.  I'd prefer to use the Flex approach,
> if possible.
>
>
> Can anyone provide clarifications on these issues?

I hope that clears things up!

>
>
> Thanks a lot,
>
> Chris W.
> _______________________________________________
> PyAMF users mailing list - users@...
> http://lists.pyamf.org/mailman/listinfo/users

_______________________________________________
PyAMF users mailing list - users@...
http://lists.pyamf.org/mailman/listinfo/users
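
Added example (not part of the original message, and not PyAMF or Django code): the reply's approach of enforcing authentication at the web layer, using the session cookie the Flash player sends with remoting requests, sketched as a WSGI wrapper that rejects requests before they reach the gateway. The names `require_session` and `fake_gateway`, the HMAC-signed cookie format and the in-memory session table are assumptions standing in for a real framework's session machinery.

```python
# Added example: all names here are hypothetical, not PyAMF or Django APIs.
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SECRET = b"constructed-demo-key"      # assumption: server-side signing key
SESSIONS = {"s1": "chris"}            # constructed session id -> user table

def sign(session_id):
    # Cookie value issued at login: '<id>.<HMAC-SHA256 of id>'.
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"

def user_from_cookie(header):
    """Return the logged-in user for a Cookie header, or None."""
    jar = SimpleCookie()
    try:
        jar.load(header or "")
    except CookieError:
        return None
    morsel = jar.get("sessionid")
    session_id, _, mac = (morsel.value if morsel else "").partition(".")
    expected = sign(session_id).rpartition(".")[2]
    # Constant-time comparison so the check does not leak MAC prefixes.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return SESSIONS.get(session_id)   # a valid MAC on an unknown id still fails

def require_session(gateway_app):
    """Wrap a WSGI app so unauthenticated requests never reach it."""
    def guarded(environ, start_response):
        user = user_from_cookie(environ.get("HTTP_COOKIE"))
        if user is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"login required"]
        environ["REMOTE_USER"] = user
        return gateway_app(environ, start_response)
    return guarded

def fake_gateway(environ, start_response):
    """Hypothetical stand-in for the AMF gateway; echoes the caller."""
    start_response("200 OK", [("Content-Type", "application/x-amf")])
    return [b"amf-reply-for-" + environ["REMOTE_USER"].encode()]

def call(app, cookie=None):
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/gateway"}
    if cookie is not None:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

Because the check sits in front of the gateway, it applies to every remoting request regardless of whether the client is RemoteObject or NetConnection.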
