Tool and Usage
Django-sudo provides a view decorator for Django web applications. It mimics the behavior of sudo on Linux systems and requires reauthentication.
Why this tool?
For some destructive actions, such as removing an account, you may want to confirm that the user really wants to continue. To ensure the request comes from the actual owner of the account, django-sudo requests authentication again within the web application. GitHub uses this approach as well for some events, such as ownership changes and deletions.
How it works
Django-sudo works by setting a short-lived cookie that typically expires before the main authentication cookie. When a view has the @sudo_required decorator, the presence of this cookie is checked. If it is not set, the user is asked to authenticate again before continuing.
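The following is an added, standard-library-only model of the mechanism described above; it is not django-sudo's own code. The cookie name, lifetime, signing scheme, redirect path and the dict-based request are all assumptions made for illustration, and `now` is passed explicitly so expiry can be shown deterministically.

```python
import hashlib
import hmac
from functools import wraps

SECRET_KEY = b"constructed-demo-key"  # constructed value; a real app uses its own secret
SUDO_COOKIE_NAME = "sudo"             # assumed cookie name
SUDO_COOKIE_AGE = 15 * 60             # assumed lifetime, shorter than the login session


def _sign(user, issued_at):
    msg = f"{user}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def grant_sudo(user, now):
    """Cookie value issued right after the user re-enters their password."""
    return f"{int(now)}:{_sign(user, int(now))}"


def has_sudo(request, now):
    """True only if the cookie is present, bound to this user, and unexpired."""
    value = request["cookies"].get(SUDO_COOKIE_NAME, "")
    issued_at, _, sig = value.partition(":")
    if not issued_at.isdecimal():
        return False
    expected = _sign(request["user"], int(issued_at))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    return 0 <= now - int(issued_at) < SUDO_COOKIE_AGE


def sudo_required(view):
    """Send the user to re-authentication unless a valid sudo cookie is set."""
    @wraps(view)
    def wrapper(request, now):
        if not has_sudo(request, now):
            return ("redirect", "/sudo/?next=" + request["path"])
        return view(request, now)
    return wrapper


@sudo_required
def delete_account(request, now):
    return ("ok", f"deleted {request['user']}")
```

Binding the cookie to the user and enforcing its age on the server side means a copied or stale value does not unlock the protected view even if the browser still sends it.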
Usage and audience
django-sudo is commonly used for application security. Target users for this tool are developers.
- More than 10 contributors
- The source code of this software is available
Author and Maintainers
Django-sudo is under development by Matt Robenolt.
Supported operating systems
Django-sudo is known to work on Linux, macOS, and Microsoft Windows.