[web2py] Re: digitally signed urls

2017-11-12 Thread Pierre
Finally I backtracked to decorate everything along the 'chain'. It looks safer and I am concerned with security. Thanks again.

[web2py] Re: digitally signed urls

2017-11-10 Thread Anthony
>> As long as you are making requests the login won't expire, as the expiration is measured from the time of the last request.
>
> I don't know the maths web2py uses to calculate this ? does this mean a logged in user is logged out only if he stays idle (make no request) for the

[web2py] Re: digitally signed urls

2017-11-09 Thread Anthony
> @auth.requires_login()
> def main_func():
>     form = SQLFORM(db.atable)
>     if form.process(onvalidation=..., dbio=False).accepted:
>         rtn = scheduler.queue_task(task_func,….)
>         if not rtn.id: #there are errors
>             raise HTTP(404)
>         else:
>

[web2py] Re: digitally signed urls

2017-11-08 Thread Anthony
On Wednesday, November 8, 2017 at 11:17:37 AM UTC-5, Pierre wrote:
> Yes of course, but Leonel, your use-case looks very similar to the Auth case (I mean user_signature=true + @auth.requires_signature). It's also a one hmac_key per user|client case. Actually I am not so much interested in

[web2py] Re: digitally signed urls

2017-11-08 Thread Anthony
Another possible use case -- suppose your application generates various links to a particular action with different combinations of URL args and vars and wants to limit access to that action so only the explicitly generated links will work (i.e., prevent users from generating their own

[web2py] Re: digitally signed urls

2017-11-08 Thread Leonel Câmara
I'll give you an example, let's imagine I have a client database. I want to send a survey to my clients and I want the survey results to be associated with their profile in my database (note that my clients do not have users in my system). I send each one an email with a digitally signed URL,

[web2py] Re: digitally signed URLs

2015-03-06 Thread Massimo Di Pierro
if the user is logged-in you do not have to pass an hmac_key. It is automatically generated per-session.
On Friday, 6 March 2015 05:26:47 UTC-6, Annet wrote:
> I read chapter 29/04 on digitally signed urls. and have a question. I have sort of a router function which routes requests: def

[web2py] Re: digitally signed URLs

2015-03-06 Thread Annet
Hi Massimo, Thanks for your reply.
> if the user is logged-in you do not have to pass an hmac_key. It is automatically generated per-session.
The user is not logged in, the router function is part of the public functions of my application. The URL contains three arguments that determine which

[web2py] Re: Digitally signed URLs

2012-04-18 Thread Sanjeet Roy
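You have to use this, it's working fine:
KEY = 'mykey'  # module level, so both actions share the same key
def one():
    # build a link to two() signed with KEY
    return dict(link=URL('two', vars=dict(a=123), hmac_key=KEY))
def two():
    # URL.verify takes the current request as its first argument
    if not URL.verify(request, hmac_key=KEY): raise HTTP(403)
    # do something
    return locals()
On Sunday, April 15, 2012 7:33:00 AM UTC+5:30,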

[web2py] Re: Digitally signed URLs

2012-04-18 Thread pyhead
Thanks Niphlod, adding request works! The book should be corrected.

[web2py] Re: Digitally signed URLs

2012-04-17 Thread Niphlod
you're right, book is wrong, correct use is:
KEY = 'mykey'
def one():
    return dict(link=URL('two', vars=dict(a=123), hmac_key=KEY))
def two():
    if not URL.verify(request, hmac_key=KEY): raise HTTP(403)
    # do something
    return locals()
On Sunday, 15 April 2012 04:03:00