A weekly Python podcast hosted by Christopher Bailey with interviews, coding tips, and conversation with guests from the Python community. The show covers a wide range of topics including Python programming best practices, career tips, and related software development topics. Join us every Friday morning to hear what's new in the world of Python programming and become a more effective Pythonista.

Security and Authorization in Your Python Web Applications

November 13, 2020 0:51:40 37.32 MB Downloads: 0

So you built a web application in Python. Now how are you going to authorize users? Security goes beyond authentication. Who gets to do what, where, and when? This week on the show, we have Sam Scott, chief technology officer from Oso. Oso is an open-source policy engine for authorization that you embed in your application.

Sam talks about the typical security and authorization challenges developers face. He discusses building an engine on top of your existing Flask or Django app. We cover the concept of policies, business logic, and some common paradigms.

Course Spotlight: Exploring HTTPS and Cryptography in Python

In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.

Topics:

  • 00:00:00 – Introduction
  • 00:01:32 – Sam’s math background
  • 00:03:11 – What is Sage?
  • 00:04:24 – What is post-quantum cryptography?
  • 00:05:19 – Getting Oso started, authentication vs authorization.
  • 00:10:01 – What is a policy engine?
  • 00:12:57 – Confusing business logic with authorization
  • 00:17:09 – Sponsor: Techmeme Ride Home Podcast
  • 00:17:38 – Pip installing Oso, adding to Flask or Django
  • 00:21:15 – What are common security concerns for developers?
  • 00:25:41 – What are security concerns users have?
  • 00:27:14 – What are the worst security issues you’ve found in a Python app?
  • 00:30:12 – Video Course Spotlight
  • 00:31:32 – What are other common authorization “gotchas”?
  • 00:37:16 – Additional Oso resources
  • 00:39:36 – What does writing in Polar look like?
  • 00:42:00 – Are there authorization paradigms?
  • 00:46:02 – What are you excited about in the world of Python?
  • 00:50:05 – What do you want to learn next?
  • 00:50:49 – Thanks and goodbye

Show Links:

Support the podcast & join our community of Pythonistas