Can Pyramid's Built-in Authentication/Authorization Implement Complex Security Schemes?

Question

It seems like the security model fits very small projects, but that it is probably not feasible to write all possible registered users' hashed passwords in security.py. Do you know any examples of scaling up Pyramid's authentication, or are there any benefits to calling through Pyramid's security scheme into my own database of security information?

Answer 1

I dont think the size of the project is related to the security model. Either you want a simple or a complex security model. Both can be applied to projects of any size. One of Pyramid's strong points is its extensibility.

Why would you store hashed passwords in security.py? (cmiiw here, I probably misunderstood) If you read this on someone's code, that's probably just an example. In real apps, you save them in a storage/persistence system of your choice.

Again, I don't understand what you mean by "scaling up authentication". My guess is you want some working examples:

• tutorial from the docs
• shootout application: small and good example with forms
• pyramid auth demo: complex/granular/row-level permission
• pyramid apex: 3rd party auth (google, twitter, etc) with velruse, forms etc
• pyramid registration: unfinished library; you can steal some ideas from it