Security and Authorization in Your Python Web Applications
So you built a web application in Python. Now how are you going to authorize users? Security goes beyond authentication. Who gets to do what, where, and when? This week on the show, we have Sam Scott, chief technology officer from Oso. Oso is an open-source policy engine for authorization that you embed in your application.
Sam talks about the typical security and authorization challenges developers face. He discusses building an engine on top of your existing Flask or Django app. We cover the concept of policies, business logic, and some common paradigms.
Course Spotlight: Exploring HTTPS and Cryptography in Python
In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.
Topics:
- 00:00:00 – Introduction
- 00:01:32 – Sam’s math background
- 00:03:11 – What is Sage?
- 00:04:24 – What is post-quantum cryptography?
- 00:05:19 – Getting Oso started, authentication vs authorization.
- 00:10:01 – What is a policy engine?
- 00:12:57 – Confusing business logic with authorization
- 00:17:09 – Sponsor: Techmeme Ride Home Podcast
- 00:17:38 – Pip installing Oso, adding to Flask or Django
- 00:21:15 – What are common security concerns for developers?
- 00:25:41 – What are security concerns users have?
- 00:27:14 – What are the worst security issues you’ve found in a Python app?
- 00:30:12 – Video Course Spotlight
- 00:31:32 – What are other common authorization “gotchas”?
- 00:37:16 – Additional Oso resources
- 00:39:36 – What does writing in Polar look like?
- 00:42:00 – Are there authorization paradigms?
- 00:46:02 – What are you excited about in the world of Python?
- 00:50:05 – What do you want to learn next?
- 00:50:49 – Thanks and goodbye
Show Links:
- oso on twitter
- Sam on twitter
- oso: an open source policy engine for authorization
- oso Django Docs
- oso Flask Docs
- oso Python Library Docs
- oso Source Code
- oso Debugger Docs
- Adding authorization to your Flask app with oso: oso blog
- Building a Django app with data access controls in 30 min: oso blog
- Generating Django Queryset filters from oso policies: oso blog
- Polar Adventure: a text-based adventure game written in Polar
- Lightning talk on access controls: oso blog
- SageMath: A free open-source mathematics software system
- Post-quantum cryptography: Wikipedia article
- 327: Exploits of a Mom: XKCD Comic
- Little Bobby Tables: Explain XKCD
- Snyk: Developer-first Cloud Native Application Security
- Geekle’s Python Universe WEB Edition: 19 November 2020
- WebAssembly (WASM)
Level up your Python skills with our expert-led courses: