The Real Python Podcast

Security and Authorization in Your Python Web Applications


So you built a web application in Python. Now how are you going to authorize users? Security goes beyond authentication. Who gets to do what, where, and when? This week on the show, we have Sam Scott, chief technology officer from Oso. Oso is an open-source policy engine for authorization that you embed in your application.

Sam talks about the typical security and authorization challenges developers face. He discusses building an engine on top of your existing Flask or Django app. We cover the concept of policies, business logic, and some common paradigms.

Course Spotlight: Exploring HTTPS and Cryptography in Python

In this course, you’ll gain a working knowledge of the various factors that combine to keep communications over the Internet safe. You’ll see concrete examples of how to keep information secure and use cryptography to build your own Python HTTPS application.

Topics:

  • 00:00:00 – Introduction
  • 00:01:32 – Sam’s math background
  • 00:03:11 – What is Sage?
  • 00:04:24 – What is post-quantum cryptography?
  • 00:05:19 – Getting Oso started, authentication vs. authorization
  • 00:10:01 – What is a policy engine?
  • 00:12:57 – Confusing business logic with authorization
  • 00:17:09 – Sponsor: Techmeme Ride Home Podcast
  • 00:17:38 – Pip installing Oso, adding to Flask or Django
  • 00:21:15 – What are common security concerns for developers?
  • 00:25:41 – What are security concerns users have?
  • 00:27:14 – What are the worst security issues you’ve found in a Python app?
  • 00:30:12 – Video Course Spotlight
  • 00:31:32 – What are other common authorization “gotchas”?
  • 00:37:16 – Additional Oso resources
  • 00:39:36 – What does writing in Polar look like?
  • 00:42:00 – Are there authorization paradigms?
  • 00:46:02 – What are you excited about in the world of Python?
  • 00:50:05 – What do you want to learn next?
  • 00:50:49 – Thanks and goodbye

Show Links:

  • oso on Twitter
  • Sam on Twitter
  • oso: an open source policy engine for authorization
  • oso Django Docs
  • oso Flask Docs
  • oso Python Library Docs
  • oso Source Code
  • oso Debugger Docs
  • Adding authorization to your Flask app with oso: oso blog
  • Building a Django app with data access controls in 30 min: oso blog
  • Generating Django Queryset filters from oso policies: oso blog
  • Polar Adventure: a text-based adventure game written in Polar
  • Lightning talk on access controls: oso blog
  • SageMath: A free open-source mathematics software system
  • Post-quantum cryptography: Wikipedia article
  • 327: Exploits of a Mom: XKCD Comic
  • Little Bobby Tables: Explain XKCD
  • Snyk: Developer-first Cloud Native Application Security
  • Geekle’s python Universe WEB Edition: 19 November 2020
  • WebAssembly (WASM)
  • Level up your Python skills with our expert-led courses:

    • Exploring HTTPS and Cryptography in Python
    • Using Google Login With Flask
    • Getting Started With Django: Building a Portfolio App

  • Support the podcast & join our community of Pythonistas

The Real Python Podcast, by Real Python