[web2py] Re: expose URL to internal web2py functions
I was wondering if it might be possible to limit the URL to functions that are called internally from web2py component calls. In the manual, there is a reference to using a decorator like:

@auth.requires(request.cid)

Would this be an effective safeguard? Also, is there some way to set this since it only seems to work when LOAD is called and I would like to set it when some code in the model is executed.

Avik

On Sep 21, 12:10 am, mdipierro mdipie...@cs.depaul.edu wrote:
> If the URL is exposed and it is accessible via ajax, then it is called by the remote browser. You can only limit access with @auth.requires_login() or other auth decorator.
>
> On Sep 20, 6:48 pm, Avik Basu avikb...@gmail.com wrote:
>> I have a generic function called edit_db which allows for editing of database records and is useful for ajax-related form functions such as edit-in-place. The URL that is exposed is something like
>>
>> edit_db/tablename/row_id/fieldname?value=newvalue
>>
>> I would like to make sure that this function can only be accessed by functions within my web2py applications--in particular, widgets which are defined in the model. What is the best way to do this?
>>
>> Avik
[web2py] Re: expose URL to internal web2py functions
No, this is not a security measure. This is only a way to detect whether a certain http header exists, and that header is usually set for Ajax calls originated from web2py components.

On Sep 21, 11:17 am, Avik Basu avikb...@gmail.com wrote:
> I was wondering if it might be possible to limit the URL to functions that are called internally from web2py component calls. In the manual, there is a reference to using a decorator like:
>
> @auth.requires(request.cid)
>
> Would this be an effective safeguard? Also, is there some way to set this since it only seems to work when LOAD is called and I would like to set it when some code in the model is executed.
>
> Avik
>
> On Sep 21, 12:10 am, mdipierro mdipie...@cs.depaul.edu wrote:
>> If the URL is exposed and it is accessible via ajax, then it is called by the remote browser. You can only limit access with @auth.requires_login() or other auth decorator.
>>
>> On Sep 20, 6:48 pm, Avik Basu avikb...@gmail.com wrote:
>>> I have a generic function called edit_db which allows for editing of database records and is useful for ajax-related form functions such as edit-in-place. The URL that is exposed is something like
>>>
>>> edit_db/tablename/row_id/fieldname?value=newvalue
>>>
>>> I would like to make sure that this function can only be accessed by functions within my web2py applications--in particular, widgets which are defined in the model. What is the best way to do this?
>>>
>>> Avik
[web2py] Re: expose URL to internal web2py functions
If the URL is exposed and it is accessible via ajax, then it is called by the remote browser. You can only limit access with @auth.requires_login() or other auth decorator.

On Sep 20, 6:48 pm, Avik Basu avikb...@gmail.com wrote:
> I have a generic function called edit_db which allows for editing of database records and is useful for ajax-related form functions such as edit-in-place. The URL that is exposed is something like
>
> edit_db/tablename/row_id/fieldname?value=newvalue
>
> I would like to make sure that this function can only be accessed by functions within my web2py applications--in particular, widgets which are defined in the model. What is the best way to do this?
>
> Avik
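
Added example, not part of the thread and not web2py's own code: a plain-Python model of the two checks discussed in the replies above, showing that a request.cid test passes for any client that sends the component header, while a login check depends on server-side session state. `Request`, `requires`, `edit_db_cid` and `edit_db_login` are hypothetical stand-ins, and the header name is an assumption.

```python
# Added example: plain-Python model, not web2py code. Request, requires and
# edit_db_* are hypothetical stand-ins for web2py's request and auth objects.
from dataclasses import dataclass, field

CID_HEADER = "web2py-component-element"  # assumed header name; request.cid mirrors it

@dataclass
class Request:
    headers: dict = field(default_factory=dict)  # chosen entirely by the client
    session_user: object = None                  # set server-side after login

    @property
    def cid(self):
        return self.headers.get(CID_HEADER)

class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""

def requires(condition):
    """Modelled on auth.requires(...): run the action only if condition(request)."""
    def decorator(action):
        def wrapper(request, *args):
            if not condition(request):
                raise Forbidden(action.__name__)
            return action(request, *args)
        return wrapper
    return decorator

DB = {("person", 1, "name"): "alice"}  # constructed sample record

def edit_db(request, table, row_id, fieldname, value):
    DB[(table, row_id, fieldname)] = value
    return "updated"

edit_db_cid = requires(lambda r: r.cid)(edit_db)                         # header present
edit_db_login = requires(lambda r: r.session_user is not None)(edit_db)  # logged in

def attempt(action, request):
    try:
        return action(request, "person", 1, "name", "changed")
    except Forbidden:
        return "403"

def demo():
    no_login = Request(headers={CID_HEADER: "c1"})  # header set by hand, no session
    member = Request(headers={CID_HEADER: "c1"}, session_user="avik")
    return {"cid_check_no_login": attempt(edit_db_cid, no_login),      # "updated"
            "login_check_no_login": attempt(edit_db_login, no_login),  # "403"
            "login_check_member": attempt(edit_db_login, member)}      # "updated"
```
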