Re: [web2py] 404 error page

2022-11-21 Thread Murat KAŞIKÇIOĞLU 
Hi,
May be this page gives you a clue:
http://www.web2py.com/books/default/chapter/34/04/the-core#Routes-on-error
Best,
Murat.



Silvian “Top 10 Answers” Cedru , 22 Kas 2022 Sal,
10:08 tarihinde şunu yazdı:

> Is there a way if a site is not existing to display a custom error page I
> was looking in the docs but I could not find anything .
>
> This is how it looks now :
>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/web2py/a65fd795-c8f4-40b0-b911-a1096761dd79n%40googlegroups.com
> 
> .
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CAC5t_JyQZezhC28CCr8JKnqT%2BzKNEYMEvDSoeGfi-H00dp0JiQ%40mail.gmail.com.

[web2py] 404 error page

2022-11-21 Thread Silvian “Top 10 Answers” Cedru 
Is there a way if a site is not existing to display a custom error page I 
was looking in the docs but I could not find anything .

This is how it looks now :


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/a65fd795-c8f4-40b0-b911-a1096761dd79n%40googlegroups.com.

Re: [web2py] Re: Issue password in plain text before sending when login in the website via HTTPS

2022-11-21 Thread Silvian Cedru 
Thank you, but do you have any suggestions what to do cause our
cybersecurity officer keeps complaining about that wo I need change some
settings in web2py or do you have an idea how I can sort it out ?

Kind regards

Am Di., 22. Nov. 2022 um 02:23 Uhr schrieb Christian Varas <
chriiisti...@gmail.com>:

> Hi,
> It's OK, it's the way it works, If you put s local proxy like burp and
> then you go and capture traffic, it is ok that you can see clear text data
> because burp proxy puts their own certificate between client and backend,
> because of that burp proxy can decrypt and show you clear text data. If you
> sniff with a packet capture like wireshark, you will see everything is
> encrypted.
>
> Salting your password/username before sending it is not really secure,
> because hashing the username/password before sending, would need to be
> performed in the browser via javascript and if the hash process happens in
> the client side, you can see how encryption is made and reverse it .
>
> Cheers.
> Chris.
>
> El lun, 21 nov 2022 a las 5:01, Silvian “Top 10 Answers” Cedru (<
> silvian.ce...@gmail.com>) escribió:
>
>> Its weird why does web2py do not salt username and password before
>> sending it ?
>>
>> Silvian Cedru schrieb am Montag, 21. November 2022 um 09:25:05 UTC+7:
>>
>>> Here is a screenshot after sniffing the network and it is weird since it
>>> has HTTPS I thought you could not sniff out the password when someone logs
>>> ins so I need to salt or Hash it but I am not sure where I find the file
>>> and what to change . Would be awesome if someone could help.
>>>
>>> Silvian Cedru schrieb am Donnerstag, 17. November 2022 um 11:05:34 UTC+7:
>>>
 Hello everyone ,

 I just found out that when you login in my application my password gets
 send in plain text even I thought it gets hashed does someone know a
 solution how to salt or hash the password before sending ?


 --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com
>> 
>> .
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/web2py/CA%2Bs%2BuJv2ddys7nQV5%3DCu7xbM%3DQ-vqu09%3DDL2ZMHoN2TNBYsO7A%40mail.gmail.com
> 
> .
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CABLX3EHdKqy44MNoay_TusmDkG%3Dn1z%3DwoDGc9U6Hqvdkqhz%3DYA%40mail.gmail.com.

Re: [web2py] Re: Issue password in plain text before sending when login in the website via HTTPS

2022-11-21 Thread Christian Varas 
Hi,
It's OK, it's the way it works, If you put s local proxy like burp and then
you go and capture traffic, it is ok that you can see clear text data
because burp proxy puts their own certificate between client and backend,
because of that burp proxy can decrypt and show you clear text data. If you
sniff with a packet capture like wireshark, you will see everything is
encrypted.

Salting your password/username before sending it is not really secure,
because hashing the username/password before sending, would need to be
performed in the browser via javascript and if the hash process happens in
the client side, you can see how encryption is made and reverse it .

Cheers.
Chris.

El lun, 21 nov 2022 a las 5:01, Silvian “Top 10 Answers” Cedru (<
silvian.ce...@gmail.com>) escribió:

> Its weird why does web2py do not salt username and password before sending
> it ?
>
> Silvian Cedru schrieb am Montag, 21. November 2022 um 09:25:05 UTC+7:
>
>> Here is a screenshot after sniffing the network and it is weird since it
>> has HTTPS I thought you could not sniff out the password when someone logs
>> ins so I need to salt or Hash it but I am not sure where I find the file
>> and what to change . Would be awesome if someone could help.
>>
>> Silvian Cedru schrieb am Donnerstag, 17. November 2022 um 11:05:34 UTC+7:
>>
>>> Hello everyone ,
>>>
>>> I just found out that when you login in my application my password gets
>>> send in plain text even I thought it gets hashed does someone know a
>>> solution how to salt or hash the password before sending ?
>>>
>>>
>>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com
> 
> .
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CA%2Bs%2BuJv2ddys7nQV5%3DCu7xbM%3DQ-vqu09%3DDL2ZMHoN2TNBYsO7A%40mail.gmail.com.

[web2py] Re: Issue password in plain text before sending when login in the website via HTTPS

2022-11-21 Thread Silvian “Top 10 Answers” Cedru 
Its weird why does web2py do not salt username and password before sending 
it ?

Silvian Cedru schrieb am Montag, 21. November 2022 um 09:25:05 UTC+7:

> Here is a screenshot after sniffing the network and it is weird since it 
> has HTTPS I thought you could not sniff out the password when someone logs 
> ins so I need to salt or Hash it but I am not sure where I find the file 
> and what to change . Would be awesome if someone could help.
>
> Silvian Cedru schrieb am Donnerstag, 17. November 2022 um 11:05:34 UTC+7:
>
>> Hello everyone ,
>>
>> I just found out that when you login in my application my password gets 
>> send in plain text even I thought it gets hashed does someone know a 
>> solution how to salt or hash the password before sending ?
>>
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com.