DjangoCon 2015

How to implement security properly in your REST API with Python

Jeff Schenck

Presentation

Video

Transcript

Excerpt from the automatic transcript of the video generated by YouTube.

Thanks. Hi. So thank you so much for being here, for listening. Um, I'm going to be talking about REST APIs here, and specifically security of REST APIs, and kind of even more specifically authorization, authentication within your REST API, so hopefully that's what you're all interested in. There's gonna be a little bit of knowledge of Django REST framework that's gonna be helpful, but hopefully if you haven't gotten a chance to play with it I'll give you a very quick primer that hopefully will kind of get you started there.

So what are we gonna go through today? We're gonna talk about why REST: why is this important right now, why are REST APIs a big deal, why am I talking about them, and why have they changed a little bit in their scope and caused all of these, at least for me, security considerations. We're gonna talk a little bit about what the state of REST is today, so if you're writing a Django app and you want a REST API, what do you do? And then we're gonna get into security a little bit, a quick overview of kind of the considerations around security authorization when you're doing a REST API. We're going to talk about some of the strategies that we've come up with to write clear, maintainable permission schemes for your API, and then we're gonna talk a little bit about what I hope happens tomorrow. And, you know, I think our tooling is not quite there yet, and I want to talk about how we might be able to get it there so that we can write really clear, sane, easy API permissioning.

All right, so let's get started. Why are we talking about REST? And the simple answer is all of these guys, Angular, Backbone and so on, have just exploded in popularity in the last couple of years, you know, and there's all this growth. They're really taking over a big chunk of what we do as, you know, as web developers. And so, you know, the more nuanced answer there then is I want to talk a little bit about kind of the pieces of your app, what's running where, and where these new JavaScript frameworks come into play and how that changes the game a little bit.

So you can break down your application into three basic components, very roughly: display logic, right, which is happening traditionally on the browser; app logic, which is kind of what's running your app; and then data stores. And the traditional way that, you know, historically these have been broken out is the display logic happens on the front end, or in the browser, right, pretty straightforward, and then your application logic and the data stores and all that all lives on the server, the back end. And, you know, historically we've used HTML, CSS and JavaScript to talk to the browser, and then the browser posts some semi HTML form back to the server, and it all worked really well until we wanted to do more things in the browser, right? And we came up with this Ajax thing and we sort of shoehorned it in there, and that worked fairly well for a while, and things grew and grew, and we started doing more and more of the application logic on the front end, in the browser, right?

And this is really, you know, with Angular and Backbone and so on, that's where this really kind of came into its own: huge portions of what was, you know, your app logic, which traditionally lived on a server, is now happening in the browser, right? And it turned out that app logic needed to sit a little closer to your data, right? And so we came up with, or, you know, it's been around for a little while, but we started using REST really heavily to shovel that information back and forth at a lower level between the front end and the back end, because you do this app logic in the front.

So let's start talking about how we do that today, the state of REST today. This is just Google Trends, which is, you know, take it for what it is, but the blue line there is Django REST framework; the other two lines are Piston and Tastypie. I think there's a couple of interesting things to note about this graph. One is Django REST framework seems to be the clear winner

[ ... ]

Note: the other 1,982 words of the full transcript have been omitted to comply with YouTube's "fair use" rules.