thank you for the response Massimo, I do agree with your thoughts regarding the vulnerability exposed upon a new registration ! that can easily be arranged by adding an additional table to manage all users profile pics ! ... that way, a user can only upload his avatar ( or picture ) only when they are already registered and when they decide to edit their profile, they will be able to upload their own pic ...
However, I still foresee the same problem, when it comes to edit that profile pic, with the crud.update for that eventual userimage table that will referenced the appropriate auth_user table record... I come to realize that there are many issues or challenges regarding pictures, uploading pictures, *viewing pictures upon uploads before submitting or updating a form (or crud)* etc .. throughout the web2py forum .... This is a matter that needs to be addressed head on, through a slice or a how to article, we know that it certainly involves ajax ... but many before me had experienced that problem and though out this web2py user forum, no effective solutions or how tos really stands out .. there is no solid approach to this ! .. if there is one, then I have not found it ! ...or if someone knows ... please point me in a that direction ! Can someone stand up .... take the time and share or write a good slice about this ! ... a lot of users will benefit from this ! .. the few slices that exist about file uploads and ajax are not well explained or outdated or simply do not work ! thank you Don --
