Reputation: 4175
How to protect a Google App Engine app with a password?
How would you implement simple password protection on a Google App Engine application? No users authentication, just simple requirement to enter a password in order to open specific page. The other requirement is that the target page should not be displayed if its URL is entered directly.
I'm looking for a solution using Python.
Upvotes: 6
Views: 6547
Answers (2)
Reputation: 1837
If you want to restrict access for the entire app, use URL handler with "login" setting
Check - User and Administrator Login
Upvotes: 1
Reputation: 4489
If you're protecting a single page and need no session persistence.
class MainPage(webapp.RequestHandler):
def post(self):
if self.request.get('user') == 'admin' and self.request.get('pass') == 'soopersecure':
self.response.out.write('authorized');
else:
self.response.out.write("""
<form method="post">
<input type="text" name="user"/>
<input type="password" name="pass"/>
<input type="submit" value="login"/>
</form>""")
Otherwise you could hash the username + salt and hand it to user as a session ID in a cookie and store that session ID into the datastore. Much simpler to use Google accounts though.
http://code.google.com/appengine/docs/python/gettingstarted/usingusers.html
Upvotes: 5
Related Questions
- Custom authentication in Google App Engine
- How can I modify my authentication and authorization on google app engine?
- Best practices for storing passwords in GAE/python
- App Engine: what are best practices for transmitting a password and storing it securely in Google App Engine?
- User authentication best practices
- Username and password login for App Engine?
- python Google App Engine : Webapp2 : Authentication
- App Engine: Restrict application to an authorized set of users
- Google App Engine - how to prevent exposure of passwords
- is my google app engine deployed source code secure?