We start with a simple example. Before we proceed let’s setup a virtualenv environment:

$ virtualenv env
$ env/bin/easy_install wheezy.security[pycrypto]

Protecting Information

Let’s assume we would like to protect some sensitive information, e.g. user id. We can encrypt it, add a hash to prove validity and finally say that this value is valid for 20 minutes only:

from wheezy.security.crypto import Ticket

ticket = Ticket(max_age=1200, salt='p5sArbHFZvxgeEJFrM9h')

Once you have ticket you can encode any string:

protected_value = ticket.encode('hello')

Decode protected_value this way:

value = ticket.decode(protected_value)

User Principal

Ticket can be used to protect user principal over network (e.g. in http cookie):

from wheezy.security import Principal

principal = Principal(
        alias='John Smith')
secure_value = ticket.encode(principal.dump())

Server side now restores this information:

from wheezy.security import ANONYMOUS
from wheezy.security import Principal

principal_dump = ticket.decode(secure_value)
if principal_dump:
    principal = Principal.load(principal_dump)
    principal = ANONYMOUS

Table Of Contents

Previous topic

Getting Started

Next topic

User Guide

This Page