Hey everyone, So I have a bunch of static files, managed by the database, which are not proprietary. They will be public content on the web site. I put them in the static folder so they can be served by Apache instead of streamed by web2py.
As I developed, I put a link in to download these files, or render the images to the user. These links use the web2py obfuscated file name, as the files were put in these folders through the upload mechanism. My question is: Is there an inherent security risk in doing this? The files include the table names obviously, and the obfuscated name. Could these files be used to attack that table somehow? (obviously if my controllers are not secure, that's a problem, but more from just exposing these obfuscated names to the public) Thanks in advance! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
