If I have a page controlled by a function that has access control, do I
need to also validate the same at the download stage?
For example (in pseudo-code):
function x():
1. Check to see if Mark Billion is the authorized user or redirect to
google.com
2. do something
3. return dict(image.file=image.file)
The view has the following
"{{=URL('download', args=image.file)}}"
My thought is that you cannot access either function x or x.html without
being verified as me, and I dont see how you could pass to download()
directly, so there is no reason to add another layer of authentication in
the download function. Thoughts?
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
