Thanks for the help guys! I've implemented something similar to Leonel's suggestion for now.
I've also posted a Google Code issue about this: https://code.google.com/p/web2py/issues/detail?id=1984 On Monday, September 15, 2014 5:43:56 PM UTC-7, Anthony wrote: > > On Monday, September 15, 2014 2:20:06 PM UTC-4, Mark Li wrote: >> >> Ahhh, that is quite frustrating! I see this a quite a big usability >> improvement at virtually no cost to security; would an optional parameter >> like auth.login(return_specific_error=True) still fail security checks for >> owasp? >> > > Maybe post a Google Code issue requesting something like this. I think > maybe we could adjust the code to pass the reason for the failure to the > login_onfail callback, which could then change the session flash or set > some other flag in the session (no need for a new return_specific_error > argument). > > Anthony > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.