Yes, but it is not really a bug. The appadmin select box is designed to be
used by the administrator, not to be exposed to untrusted users. Admin
must log in from localhost or via https using secure session cookies.
This is as secure as SSH. After all, the administrator is the
administrator; he already has login access.

Massimo


On Apr 1, 12:07 am, TheDude <officed...@gmail.com> wrote:
> Yarko,
> Does that injection still exist? And, we need a web2py 1.6 soon :P
>
> On Apr 1, 1:00 am, Vidul Petrov <vidul.r...@gmail.com> wrote:
>
> > Thank you, Massimo.
>
> > One more question - a role can have many groups and vice versa, a
> > user can belong to many groups and vice versa?
>
> > On Apr 1, 7:16 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > This is already in Auth. Auth actually does more than unix-like group
> > > based access control. It does Role based access control (group based
> > > is a particular case).
>
> > > gid=auth.add_group(role='Manager')
> > > auth.add_membership(gid, auth.user.id)
> > > auth.add_permission(gid,'call function f')
>
> > > @auth.requires_permission('call function f')
> > > def f(): return 1
>
> > > On Mar 31, 11:01 pm, Vidul Petrov <vidul.r...@gmail.com> wrote:
>
> > > > IMHO such lightweight applications/utilities would make WEB2PY the
> > > > only so capable MVC player.
> > > > In addition I'd like to request comments on, let's call it feature -
> > > > now that Auth is in not an add-on, is there a place for (optional)
> > > > UNIX-like users/resources management?
> > > > In short: each resource - every controller/action/etc. owned by a given
> > > > user/group, otherwise a user/group "nobody" or "guest".
>
> > > > Does this make any sense?
>
> > > > On Apr 1, 6:29 am, Yarko Tymciurak <yark...@gmail.com> wrote:
>
> > > > > Not sure what you would want to port here; if I take this at face
> > > > > value, here's what is currently documented (I've highlighted what I
> > > > > thought might be interesting from a web2py perspective).
> > > > > In general, I think idea of having a package of light weight
> > > > > applications / utilities is something both useful, and (at some
> > > > > level) something we're doing w/ tools...  auth, etc.
>
> > > > > >    - email confirmation
> > > > > >       - This simple app is for cases where you don’t want to require
> > > > > >       an email address to signup on your website but you do still
> > > > > >       want to ask for an email address and be able to confirm it for
> > > > > >       use in optional parts of your website
> > > > >       - timezones
> > > > >    - threaded comments
> > > > >       - with moderation....
> > > > >    - ajax validation
> > > > >       - uses jquery
> > > > >    - flags
> > > > > >       - This app lets users of your site flag content as
> > > > > >       inappropriate or spam.
> > > > >       - pagination
> > > > >    - oembed
> > > > >    - notification
> > > > > >    - mailer   ---- with a mail queue, this _might_ be interesting...
> > > > >    - dbtemplates
> > > > >    - robots
>
> > > > > > On Tue, Mar 31, 2009 at 9:12 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > > > > > Perhaps we should do it ourselves for real.
>
> > > > > > On Mar 31, 7:11 pm, Yarko Tymciurak <yark...@gmail.com> wrote:
> > > > > > > > Guys - this is a Joke .... (see also the "feud between pinax and
> > > > > > > > django")....
> > > > > > > see:  http://www.ponyransom.com/
>
> > > > > > > and:  http://www.pinaxenvy.com/
>
> > > > > > > > On Tue, Mar 31, 2009 at 6:28 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > > > > > > > http://twitter.com/jtauber/status/1420954914
>
> > > > > > > > James. Are you here?
>
> > > > > > > > Massimo
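
The group, membership and permission calls from the Auth snippet quoted in this thread, modelled as an added example that is not part of the original messages and is not web2py's own code. Three link tables in an in-memory SQLite database show a user in several groups and a deny-by-default permission check; the table names, the explicit `uid` argument and the sample users are assumptions.

```python
import sqlite3
from functools import wraps

# Minimal stand-in for group-based permissions; table and helper names are
# illustrative assumptions, not web2py's implementation.
SCHEMA = """
CREATE TABLE grp(id INTEGER PRIMARY KEY, role TEXT);
CREATE TABLE membership(user_id INTEGER, group_id INTEGER);
CREATE TABLE permission(group_id INTEGER, name TEXT);
"""
db = sqlite3.connect(":memory:")
db.executescript(SCHEMA)

def add_group(role):
    return db.execute("INSERT INTO grp(role) VALUES (?)", (role,)).lastrowid

def add_membership(gid, uid):
    db.execute("INSERT INTO membership VALUES (?, ?)", (uid, gid))

def add_permission(gid, name):
    db.execute("INSERT INTO permission VALUES (?, ?)", (gid, name))

def has_permission(uid, name):
    # A user holds a permission if ANY group they belong to carries it.
    row = db.execute(
        "SELECT 1 FROM membership m JOIN permission p ON p.group_id = m.group_id "
        "WHERE m.user_id = ? AND p.name = ? LIMIT 1", (uid, name)).fetchone()
    return row is not None

def requires_permission(name):
    # Deny by default: the wrapped function never runs without the permission.
    def decorator(fn):
        @wraps(fn)
        def wrapper(uid, *args, **kwargs):
            if not has_permission(uid, name):
                raise PermissionError(f"user {uid} lacks {name!r}")
            return fn(*args, **kwargs)
        return wrapper
    return decorator

@requires_permission("call function f")
def f():
    return 1

# Constructed sample data: user 1 is in two groups, user 2 in one, user 3 in none.
managers, auditors = add_group("Manager"), add_group("Auditor")
add_membership(managers, 1); add_membership(auditors, 1); add_membership(auditors, 2)
add_permission(managers, "call function f")
add_permission(auditors, "read logs")
```

Here the caller passes the user id explicitly; in the quoted snippet the framework takes it from the logged-in session (`auth.user.id`).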