在扭曲的角度经纪人使用备用认证 [英] Use alternate authentication in twisted's Perspective Broker
问题描述
我用扭曲的角度来看,经纪的网络应用。我遇到它会自动使用MD5挑战 - 响应机制进行认证的问题。理想我想preFER不是存储在MD5服务器端散列由于一些安全漏洞。另外,scrypt,bcrypt或PBKDF2提供更安全的算法。
I am using twisted's Perspective Broker for a network application. I encountered the problem that it automatically uses an MD5 challenge-response scheme for authentication. Ideally I would prefer not to store MD5 hashes on the server-side due to a number of security vulnerabilities. Alternatively, scrypt, bcrypt or pbkdf2 provide more secure algorithms.
不过,虽然这些算法都是现成的蟒蛇,我不太看,是否有可能实现使用看代理一个自定义验证方案。从源头上看,它看起来像MD5是非常紧密的系统中集成。
However, while these algorithms are readily available in python, I don't quite see, whether it is possible to implement a custom authentication scheme using the Perspective Broker. Judging from the source, it looks like MD5 is very tightly integrated within the system.
所以我的问题去有经验的用户双绞线:有没有使用自定义的验证方案,而无需重写整个事情的方式。
So my question goes to more experienced twisted users: is there a way to use a custom authentication scheme without having to rewrite the whole thing?
(另外,请纠正我,如果我的任何关于扭曲或加密的假设是错误的。我很新的这两种)。
(Also, please correct me, if any of my assumptions about twisted or cryptography are wrong. I am quite new to both.)
推荐答案
所有你需要的,以实现自定义验证方案做了透视经纪人是实施一套方法根对象当中,建成后的呼叫,提供您所需的应用程序级的对象访问。
All you need to do in order to implement a custom authentication scheme for Perspective Broker is to implement a set of method calls on a root object which, after completion, provide access to your desired application-level object.
您将无法再使用PB的内置的 登录 方法和与之配套的线协议消息,但是这很好;这就是你打算更换的东西反正。)
You won't be able to re-use PB's built-in login method and its accompanying wire-protocol messages, but that's fine; that's the thing you intend to replace anyway :).
请注意,<一个href=\"http://twistedmatrix.com/documents/current/api/twisted.s$p$pad.pb.PBServerFactory.html#__init__\"相对=nofollow>当你构建一个 PBServerFactory ,则提供的根对象的。如果你想调用对象的方法,而不是执行标准PB登录和调用返回的头像方法(即每用户/每连接对象),<一个href=\"http://twistedmatrix.com/documents/current/api/twisted.s$p$pad.pb.PBClientFactory.html#getRootObject\"相对=nofollow>通话 getRootObject 的PB客户工厂,并使用 callRemote 的结果。
Note that when you construct a PBServerFactory, you provide a root object. If you want to call methods on that object, rather than performing a "standard" PB login and calling methods on the returned avatar (i.e. per-user / per-connection object), call getRootObject on the PB client factory and use callRemote on the result.
这篇关于在扭曲的角度经纪人使用备用认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
