The golden rule of web application security is to never trust data from untrusted sources. Sometimes it can be useful to pass data through an untrusted medium. Cryptographically signed values can be passed through an untrusted channel safe in the knowledge that any tampering will be detected.
Django provides both a low-level API for signing values and a high-level API for setting and reading signed cookies, one of the most common uses of signing in web applications.
Você também pode achar a assinatura útil para o seguinte:
SECRET_KEY and SECRET_KEY_FALLBACKS¶Quando você cria um novo projeto Django usando startproject, o arquivo settings.py é gerado automaticamente e recebe um valor aleatório para a SECRET_KEY. Esse valor é a chave para proteger dados assinados – Ela é vital para manter isso seguro, ou atacantes podem usá-la para gerar seus próprios valores assinados.
SECRET_KEY_FALLBACKS can be used to rotate secret keys. The
values will not be used to sign data, but if specified, they will be used to
validate signed data and must be kept secure.
Django’s signing methods live in the django.core.signing module.
To sign a value, first instantiate a Signer instance:
>>> from django.core.signing import Signer
>>> signer = Signer()
>>> value = signer.sign("My string")
>>> value
'My string:GdMGD6HNQ_qdgxYP8yBZAdAIV1w'
The signature is appended to the end of the string, following the colon.
You can retrieve the original value using the unsign method:
>>> original = signer.unsign(value)
>>> original
'My string'
If you pass a non-string value to sign, the value will be forced to string
before being signed, and the unsign result will give you that string
value:
>>> signed = signer.sign(2.5)
>>> original = signer.unsign(signed)
>>> original
'2.5'
If you wish to protect a list, tuple, or dictionary you can do so using the
sign_object() and unsign_object() methods:
>>> signed_obj = signer.sign_object({"message": "Hello!"})
>>> signed_obj
'eyJtZXNzYWdlIjoiSGVsbG8hIn0:Xdc-mOFDjs22KsQAqfVfi8PQSPdo3ckWJxPWwQOFhR4'
>>> obj = signer.unsign_object(signed_obj)
>>> obj
{'message': 'Hello!'}
See Protegendo estruturas de dados complexas for more details.
If the signature or value have been altered in any way, a
django.core.signing.BadSignature exception will be raised:
>>> from django.core import signing
>>> value += "m"
>>> try:
... original = signer.unsign(value)
... except signing.BadSignature:
... print("Tampering detected!")
...
By default, the Signer class uses the SECRET_KEY setting to
generate signatures. You can use a different secret by passing it to the
Signer constructor:
>>> signer = Signer(key="my-other-secret")
>>> value = signer.sign("My string")
>>> value
'My string:EkfQJafvGyiofrdGnuthdxImIJw'
Signer(*, key=None, sep=':', salt=None, algorithm=None, fallback_keys=None)¶Returns a signer which uses key to generate signatures and sep to
separate values. sep cannot be in the URL safe base64 alphabet. This alphabet contains alphanumeric characters, hyphens,
and underscores. algorithm must be an algorithm supported by
hashlib, it defaults to 'sha256'. fallback_keys is a list
of additional values used to validate signed data, defaults to
SECRET_KEY_FALLBACKS.
Obsoleto desde a versão 4.2: Support for passing positional arguments is deprecated.
salt¶If you do not wish for every occurrence of a particular string to have the same
signature hash, you can use the optional salt argument to the Signer
class. Using a salt will seed the signing hash function with both the salt and
your SECRET_KEY:
>>> signer = Signer()
>>> signer.sign("My string")
'My string:GdMGD6HNQ_qdgxYP8yBZAdAIV1w'
>>> signer.sign_object({"message": "Hello!"})
'eyJtZXNzYWdlIjoiSGVsbG8hIn0:Xdc-mOFDjs22KsQAqfVfi8PQSPdo3ckWJxPWwQOFhR4'
>>> signer = Signer(salt="extra")
>>> signer.sign("My string")
'My string:Ee7vGi-ING6n02gkcJ-QLHg6vFw'
>>> signer.unsign("My string:Ee7vGi-ING6n02gkcJ-QLHg6vFw")
'My string'
>>> signer.sign_object({"message": "Hello!"})
'eyJtZXNzYWdlIjoiSGVsbG8hIn0:-UWSLCE-oUAHzhkHviYz3SOZYBjFKllEOyVZNuUtM-I'
>>> signer.unsign_object(
... "eyJtZXNzYWdlIjoiSGVsbG8hIn0:-UWSLCE-oUAHzhkHviYz3SOZYBjFKllEOyVZNuUtM-I"
... )
{'message': 'Hello!'}
Utilizar o argumento salt dessa forma coloca as diferentes assinaturas em diferentes namespaces. A assinatura proveniente de um namespace (um valor para o argumento salt em particular) não pode ser usada para validar a mesma string em texto simples em um namespace diferente usando um valor de salt diferente. Esse resutado é para prevenir um invasor de usar a string gerada e assinada em um local no código como entrada para outro pedaço de código que está gerando (e verificando) assinaturas usando um valor diferente para o argumento salt.
Ao contrário de sua SECRET_KEY, o seu argumento salt não precisa ser mantido em segredo.
TimestampSigner is a subclass of Signer that appends a signed
timestamp to the value. This allows you to confirm that a signed value was
created within a specified period of time:
>>> from datetime import timedelta
>>> from django.core.signing import TimestampSigner
>>> signer = TimestampSigner()
>>> value = signer.sign("hello")
>>> value
'hello:1NMg5H:oPVuCqlJWmChm1rA2lyTUtelC-c'
>>> signer.unsign(value)
'hello'
>>> signer.unsign(value, max_age=10)
SignatureExpired: Signature age 15.5289158821 > 10 seconds
>>> signer.unsign(value, max_age=20)
'hello'
>>> signer.unsign(value, max_age=timedelta(seconds=20))
'hello'
TimestampSigner(*, key=None, sep=':', salt=None, algorithm='sha256')¶sign(value)¶Assina um value e adiciona um rótulo com o horário atual nele.
unsign(value, max_age=None)¶Verifica se o valor foi assinado a menos de max_age segundos atrás, caso contrário lança SignatureExpired. O parâmetro max_age pode aceitar um inteiro ou um objeto da classe datetime.timedelta.
sign_object(obj, serializer=JSONSerializer, compress=False)¶Encode, optionally compress, append current timestamp, and sign complex data structure (e.g. list, tuple, or dictionary).
unsign_object(signed_obj, serializer=JSONSerializer, max_age=None)¶Checks if signed_obj was signed less than max_age seconds ago,
otherwise raises SignatureExpired. The max_age parameter can
accept an integer or a datetime.timedelta object.
Obsoleto desde a versão 4.2: Support for passing positional arguments is deprecated.
If you wish to protect a list, tuple or dictionary you can do so using the
Signer.sign_object() and unsign_object() methods, or signing module’s
dumps() or loads() functions (which are shortcuts for
TimestampSigner(salt='django.core.signing').sign_object()/unsign_object()).
These use JSON serialization under the hood. JSON ensures that even if your
SECRET_KEY is stolen an attacker will not be able to execute
arbitrary commands by exploiting the pickle format:
>>> from django.core import signing
>>> signer = signing.TimestampSigner()
>>> value = signer.sign_object({"foo": "bar"})
>>> value
'eyJmb28iOiJiYXIifQ:1kx6R3:D4qGKiptAqo5QW9iv4eNLc6xl4RwiFfes6oOcYhkYnc'
>>> signer.unsign_object(value)
{'foo': 'bar'}
>>> value = signing.dumps({"foo": "bar"})
>>> value
'eyJmb28iOiJiYXIifQ:1kx6Rf:LBB39RQmME-SRvilheUe5EmPYRbuDBgQp2tCAi7KGLk'
>>> signing.loads(value)
{'foo': 'bar'}
Because of the nature of JSON (there is no native distinction between lists
and tuples) if you pass in a tuple, you will get a list from
signing.loads(object):
>>> from django.core import signing
>>> value = signing.dumps(("a", "b", "c"))
>>> signing.loads(value)
['a', 'b', 'c']
dumps(obj, key=None, salt='django.core.signing', serializer=JSONSerializer, compress=False)¶Returns URL-safe, signed base64 compressed JSON string. Serialized object
is signed using TimestampSigner.
loads(string, key=None, salt='django.core.signing', serializer=JSONSerializer, max_age=None, fallback_keys=None)¶Inverso da função dumps(), lança BadSignature se a assinatura falhar. Verifica o max_age (em segundos) se fornecido.
ago. 06, 2024