tags:

views:

51

answers:

1
+3  Q: 

How to protect a Google App Engine app with a password?

How would you implement simple password protection on a Google App Engine application? No users authentication, just simple requirement to enter a password in order to open specific page. The other requirement is that the target page should not be displayed if its URL is entered directly.

I'm looking for a solution using Python.

+2  A: 

If you're protecting a single page and need no session persistence.

class MainPage(webapp.RequestHandler):
    def post(self):
        if self.request.get('user') == 'admin' and self.request.get('pass') == 'soopersecure':
            self.response.out.write('authorized');
        else:
            self.response.out.write("""
<form method="post">
<input type="text" name="user"/>
<input type="password" name="pass"/>
<input type="submit" value="login"/>
</form>""")

Otherwise you could hash the username + salt and hand it to user as a session ID in a cookie and store that session ID into the datastore. Much simpler to use Google accounts though.

http://code.google.com/appengine/docs/python/gettingstarted/usingusers.html

Novikov  2010-09-27 17:12:14
Thanks, it might be the simplest way to return a specific view after user enters correct password. I was thinking though about making a redirect to another section of the site which can contain multiple pages. I think a cookie may be the answer here.
Immortal  2010-09-27 18:51:58

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security