Skip to main content

Application development framework

Project description

Application development framework.

Project Goals

  • Strong security by default.

  • Focus on being developer-oriented.

  • Promote funcional pythonic style.

  • Promote continuous testing+profiling.

Why Fanery

Fanery is an opinionated development framework build around a few simple concepts:

  • Strong criptography must be transparent and enabled by default.

  • Encryption must only rely on unbroken high-quality ciphers/algorithms/implementations.

  • Encryption must rely exclusively on cryptographic keys generated server side.

  • Session security must not rely on SessionIDs, bizare URLs, secure cookies, secret tokens, magic keys or any other piece of information that can be guessed or stolen during transmission.

  • Capture and re-transmission of encrypted messages must be pointless.

  • The framework must protect transparently against brute-force and authenticated sessions abuse.

  • The framework must handle transparently input serialization to harmless/built-in only object types.

  • The framework must not depend on strict/pre-defined configuration style/format and/or directory structure.

  • The framework must not tie to a particular storage or UI technology.

  • The framework must provide the facilities for easy testing/debugging and profiling.

  • The framework must not rely on components that inhibit elastic/horizontal scalability.

  • The framework must work seamessly in multi-thread/multi-process or event-driven environments.

A lot of discussions happens around “JavaScript criptography considered harmfull” so a bit of clarification is needed to understand why and how Fanery use it:

  • HTTPS cannot be replaced by JavaScript criptography, however SSL/TLS is no help against the majority of common attacks, that’s why Fanery use “scrypt + NaCl + One-Time Pad” (both server and client side) to achieve protection against many of those threats using JavaScript criptography together with HTTPS and not as a replacement.

Install howto

  1. First make sure to install successfully the following C libraries

pip install cxor pip install ujson pip install PyNaCl pip install scrypt pip install bsdiff4 pip install ciso8601 pip install python-libuuid pip install msgpack-python

  1. Then install Fanery and run test files

pip install Fanery

python tests/test_service.py

  1. Enable debugging/profiling facilities installing the following packages

pip install ipdb pip install xtraceback pip install profilehooks pip install line-profiler pip install memory-profiler pip install linesman objgraph

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Fanery-0.2.0.tar.gz (317.5 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page