A simple integration of the CTX defense against side-channel attacks for Flask projects.
Project description
flask-ctx
==============
A simple integration of the CTX defense against side-channel attacks for Flask projects.
Requirements
============
- Python 2.5+
- Flask 0.10+
- ctx-defense
Installation
============
- Install the latest stable version using ``pip``:
```sh
pip install flask-ctx
```
Configuration
=============
- Import the *ctx_processor* function from ctx's context processors:
```python
from flask_ctx.context_processors import ctx_processor
```
- Add the *ctx_processor* in the application's context processors:
```python
app.context_processor(ctx_processor)
```
Basic Usage
===========
- Use the *ctx_protect* function to use ctx on secrets:
```html
{{ ctx_protect(secret, origin, alphabet) }}
```
*secret* is a string containing the secret that needs to be protected and *origin*
is a string uniquely identifying the CTX origin for the secret. *alphabet* is
an optional argument to define the alphabet that the secret belongs to, default
being the [ASCII_printable](https://docs.python.org/2/library/string.html#string.printable) characters.
- Add the *ctx_permutations* function to include the used permutations for each
origin:
```html
{{ ctx_permutations() }}
```
The *ctx_permutations* function needs to run after all *ctx_protect* calls
that use an origin for the first time. It is proposed that it is included
before the *</body>* HTML tag.
- Include the ctx *client script* in the template:
```html
<script src="ctx.js"></script>
```
Example
=======
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>flask-ctx Example</title>
</head>
<body>
This is a very sensitive secret: {{ ctx_protect("a secret", "origin1") }}
This is another very sensitive secret: {{ ctx_protect("another secret", "origin2") }}
{{ ctx_permutations() }}
<script src="ctx.js"></script>
</body>
</html>
```
==============
A simple integration of the CTX defense against side-channel attacks for Flask projects.
Requirements
============
- Python 2.5+
- Flask 0.10+
- ctx-defense
Installation
============
- Install the latest stable version using ``pip``:
```sh
pip install flask-ctx
```
Configuration
=============
- Import the *ctx_processor* function from ctx's context processors:
```python
from flask_ctx.context_processors import ctx_processor
```
- Add the *ctx_processor* in the application's context processors:
```python
app.context_processor(ctx_processor)
```
Basic Usage
===========
- Use the *ctx_protect* function to use ctx on secrets:
```html
{{ ctx_protect(secret, origin, alphabet) }}
```
*secret* is a string containing the secret that needs to be protected and *origin*
is a string uniquely identifying the CTX origin for the secret. *alphabet* is
an optional argument to define the alphabet that the secret belongs to, default
being the [ASCII_printable](https://docs.python.org/2/library/string.html#string.printable) characters.
- Add the *ctx_permutations* function to include the used permutations for each
origin:
```html
{{ ctx_permutations() }}
```
The *ctx_permutations* function needs to run after all *ctx_protect* calls
that use an origin for the first time. It is proposed that it is included
before the *</body>* HTML tag.
- Include the ctx *client script* in the template:
```html
<script src="ctx.js"></script>
```
Example
=======
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>flask-ctx Example</title>
</head>
<body>
This is a very sensitive secret: {{ ctx_protect("a secret", "origin1") }}
This is another very sensitive secret: {{ ctx_protect("another secret", "origin2") }}
{{ ctx_permutations() }}
<script src="ctx.js"></script>
</body>
</html>
```
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size flask_ctx-1.0.0-py2.py3-none-any.whl (5.4 kB) | File type Wheel | Python version py2.py3 | Upload date | Hashes View |
Close
Hashes for flask_ctx-1.0.0-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 604961fb0bbf6aa6c664e21e530261b61c5902d94697fd1283b2505cdde5597b |
|
| MD5 | ddb5b68c8492dfec37607b81c77ebf48 |
|
| BLAKE2-256 | 7d665fc3fe372330fd4ac5f6801b0078955be1d1453c21e25050dc7d8120fe7a |
