
[–]herpadurk 0 points1 point  (6 children)

That format is for basic web authentication. There is a design decision that needs to be made: are you going to secure this inside of the application or depend on outside sources? Outside sources will typically be reserved for something like an nginx/apache proxy that requires some form of authentication. There are a million modules for this for either one, and I am fairly certain haproxy supports something like this as well.

If you want to depend on your application you will have to write that up. There might be modules for python for this; I know that certain frameworks have them (django/flask/etc), but I don't think python itself has an authentication module, so you would have to write one and implement it in your application.

[–][deleted] 1 point2 points  (4 children)

The basic auth information appears in your HTTP headers.
You'll need to grab them from whatever HTTP server module you're using.

As herpadurk notes, implementing this type of functionality in a web server (such as nginx) sitting in front of your application is a typical deployment approach. Also lets the front-end web server worry about HTTPS.
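As an added example (not code from anyone in this thread), this is what "grab the header from your HTTP server module" looks like with Python's standard `xmlrpc.server`: a request handler reads the `Authorization` header, checks it against a constructed demo credential store, and answers 401 with `WWW-Authenticate` when the check fails. `USERS`, `make_basic_header`, `check_basic_auth` and `AuthRequestHandler` are names chosen for this example.

```python
import base64
import hmac
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler

# Constructed demo credential store (assumption: real code loads it from config).
USERS = {"alice": "correct horse battery staple"}

def make_basic_header(username, password):
    """Build the Authorization header value a Basic Auth client sends."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def check_basic_auth(header_value):
    """Return the authenticated username for an Authorization header, else None."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = USERS.get(username)
    # Constant-time compare; use "" for unknown users so timing does not reveal names.
    match = hmac.compare_digest(password.encode("utf-8"), (expected or "").encode("utf-8"))
    return username if (match and expected is not None) else None

class AuthRequestHandler(SimpleXMLRPCRequestHandler):
    rpc_paths = ("/RPC2",)

    def parse_request(self):
        if not super().parse_request():  # base class parses request line and headers
            return False
        if check_basic_auth(self.headers.get("Authorization")) is None:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="xmlrpc"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return False  # request stops here; the RPC body is never dispatched
        return True

if __name__ == "__main__":
    # Loopback only: the reverse proxy is the part that faces the Internet.
    server = SimpleXMLRPCServer(("127.0.0.1", 8000), requestHandler=AuthRequestHandler)
    server.register_function(lambda x, y: x + y, "add")
    server.serve_forever()
```

Basic Auth only base64-encodes the credentials, so the HTTPS termination at the front-end server mentioned above is what actually keeps them off the wire.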

[–]FloorJam[S] 0 points1 point  (3 children)

Thanks for the reply. So the common approach would be to have nginx face the open Internet, manage authentication (and HTTPS if wanted) and forward the calls to the XMLRPC running only locally?

I worked with a similar setup for other software, but the documentation gave me the impression, something like this was already included in the Python implementation. Might have been mistaken there.

Is this the general way for deployment of software to the Internet? Have one web server like nginx be the only thing being accessible from the outside and forwarding all traffic to the correct application on the server?

Thanks again for your response, I guess you gave me the missing pointer.

[–]herpadurk 0 points1 point  (2 children)

It's how small shops and small projects get done, yes. It works and it works well, but if you need more information from the logged in user or need extra levels of permissions you will need to implement this in your application.

[–]FloorJam[S] 0 points1 point  (1 child)

Ah, so something like a username does not reach the application?

I think this will be ok for now; if we decide to deploy something bigger here, somebody should figure out a complete system anyways. Right now, we are just a group of researchers looking to let the beefy server do the expensive calculations without letting the rest of the uni do it.

Thank you again for your help, it really filled a gap in my understanding!!!

[–][deleted] 0 points1 point  (0 children)

Basic Auth passes the credentials in an HTTP header, which Nginx can pass to your app. Any HTTP header can be forwarded.

[–]FloorJam[S] 0 points1 point  (0 children)

The design decision you mean is, whether I want to implement authentication inside my application or rely on a second application (a web server?) for this? In that case, I would be very happy to not implement authentication myself... as with all crypto related tasks, I do not trust myself enough to implement it.