> That makes sense. Thanks. And then it raises another concern: when in the > normal form situation, is it possible a user forges an http post without > several field, in order to bypass the IS_NOT_EMPTY() or whatever validator? > Is this a security vulnerability? >
No, because the forged post request still gets processed by your form logic, which will apply the validators. Anthony -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
