Hi
I have deployed my aplication in GAE and /appadmin/manage/auth works fine,
asking a login to access.
But, if I try to go to: https://myapp.appspot.com/appadmin
Then the browser asks me: Sign in with your google account
https://www.google.com/accounts/ServiceLogin?service=ahpassive=truecontinue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://clubatletismosada.appspot.com/appadminltmpl=gmshdf=Ch8LEgZhaG5hbWUaE0NsdWIgQXRsZXRpc21vIFNhZGEMEgJhaCIU4rpxyPjOtFDC1cxqbSHxn4qazIsoATIUrdvnPgTHKBlIIF_ylVxiINsy4sI
.
Ok, I sing wiht my google account (the owner of the application) and I can
access to the whole database appadmin without loggin in as 'administrator'
like in /appadmin/manage/auth
So If the browser keeps the session anyone can access to my app database
from this browser. I have to remove the cookie of the session.
I think it is a lack of security.
So I would like to limit the access to https://myapp.appspot.com/ in the
same way that /appadmin/manage/auth
Thanks
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.