if your original design accepted n fields to calculate the score plus 2 values for partner identifier and access key, the same level of security is provided with a "fragment" that loads the form containing n fields plus the 2 hidden for partner identification.
Briefly, it's a question of partner reliability: the partner can "publish" only the n fields and "privatize" its own identification in its code (i.e. be sure that him and only him posts data with its access key), then post the values to your api "decorating" them with its access identification. Of course the partner can be a lame coder and put its own access key in the public, but then it is its own responsibility in the latter case, you're the one providing identification..... this means you have to figure out how to restrict the access to your form and provide the identification for the "publisher", in a way that for publisher2 it's impossible to "forge" a request coming from publisher1 I can't really figure out a solution where the access identification stays "secured" without asking the partner to post-process the submitted values. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
