well, the source code is available since the example app is released with web2py... I don't think any "security" is breached if someone is accessing those pages.
PS: Of course in production you should deploy only your app and remove examples. Welcome and admin are also going to be removed if you don't need to develop something on the server. PS2: Expect a lot of scanning also at urls like /phpmyadmin/, /wp-admin/ etc .... trolls and auto-bots are never going to stop probing urls. On Saturday, December 22, 2012 2:46:59 PM UTC+1, Adi wrote: > > Just noticed from gogle webmaster tools that someone was probing into > links bellow and got 500 server response for each. Is there anything that > could potentially be dangerous from a security prospective, since > "examples" get deployed with every installation of web2py? (I deleted it > now in production, but didn't think of it as a threat before) > > examples/global/vars > examples/global/vars/H1/__class__ > examples/global/vars/XML/__class__ > examples/global/vars/INPUT/__class__ > examples/global/vars/IS_NOT_EMPTY/__class__ > examples/global/vars/IS_IN_SET/__class__ > examples/global/vars/IS_INT_IN_RANGE/__class__ > examples/global/vars/DIV/__class__ > examples/global/vars/HTML/__class__ > examples/global/vars/A/__class__ > examples/global/vars/SELECT/__class__ > examples/simple_examples/raiseexception > examples/global/vars/BODY/__class__ > examples/global/vars/IS_EMAIL/__class__ > examples/global/vars/TEXTAREA/__class__ > examples/global/vars/SQLTABLE/__class__ > examples/global/vars/SQLFORM/__class__ > examples/global/vars/IS_NOT_IN_DB/__class__ > examples/global/vars/IS_IN_DB/__class__ > examples/global/vars/FORM/__class__ > examples/global/vars/Field/__class__ > examples/global/vars/BEAUTIFY/__class__ > examples/global/vars/HTTP/__class__ > examples/global/vars/MARKMIN/__class__ > examples/global/vars/TABLE/__class__ > examples/simple_examples/rss_aggregator > examples/global/vars/TR/__class__ > > --