We can break application security down into two considerations: authentication and authorization. We need to know who the user is and we need to be sure that the user is authorized to execute the particular WSGI application. This is handled relatively simply using both the HTTP
Authorization header for credentials to ensure an encrypted transmission of these credentials.
If we use SSL, we can simply use the HTTP Basic Authorization mode. This version of the
Authorization header can include a username and password in each request. For more elaborate measures, we can use HTTP Digest Authorization, which requires an exchange with the server to get a piece of data called a nonce that's used to create the digest in a more ...