I have no [logout] button when I am in https://myapp.appspot.com/appadmin because I have not logged in. I can access to this page through google count access
I have tried to deploy the application through a terminal with the local server admin app logged out, but it had no effect. I'll make a complete example in a few minutes... El miércoles, 7 de enero de 2015 20:20:25 UTC+1, Massimo Di Pierro escribió: > > you try go to the admin app /admin and press the [logout] button? > > On Wednesday, 7 January 2015 11:34:19 UTC-6, Jacinto Parga wrote: >> >> Well, but I log out the application. Then I clean the browser history and >> just put in the browser >> * https://myapp.appspot.com/appadmin >> <https://myapp.appspot.com/appadmin>I am required to sign with google >> account.* >> >> I do so, and I can access the appadmin complete fucntionality, but I had >> not logged in the application at all, neither as an user with admin >> privileges nor a simple user. And there is no way to log out as I have not >> logged in the application. If I log out my google account I can continue >> using the appadmin interface. Even if I log in with another different >> google account and access several minutes later to the appadmin. >> >> If I use the https://myapp.appspot.com/appadmin/manage/auth then >> everything works fine because I have to log in as an user with admin >> privileges. >> >> It is very useful for me to be able to access to appadmin in the >> application deployed in google app engine, but how can I force it to log in >> as an user with admin privileges? >> >> El miércoles, 7 de enero de 2015 15:47:20 UTC+1, Massimo Di Pierro >> escribió: >>> >>> I partially agree. Problem is you signed out of google but you did not >>> sign out of admin. appadmin authorizes you if you are logged into admin. >>> The fact you logout from google does not automatically sign you out from >>> admin. >>> >>> Can you reproduce the problem if you sign our from admin? >>> >>> On Wednesday, 7 January 2015 06:08:13 UTC-6, Jacinto Parga wrote: >>>> >>>> Hi >>>> >>>> I have deployed my aplication in GAE and /appadmin/manage/auth works >>>> fine, asking a login to access. >>>> >>>> But, if I try to go to: https://myapp.appspot.com/appadmin >>>> >>>> Then the browser asks me: Sign in with your google account >>>> <https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://clubatletismosada.appspot.com/appadmin<mpl=gm&shdf=Ch8LEgZhaG5hbWUaE0NsdWIgQXRsZXRpc21vIFNhZGEMEgJhaCIU4rpxyPjOtFDC1cxqbSHxn4qazIsoATIUrdvnPgTHKBlIIF_ylVxiINsy4sI> >>>> . >>>> >>>> Ok, I sing wiht my google account (the owner of the application) and I >>>> can access to the whole database appadmin without loggin in as >>>> 'administrator' like in /appadmin/manage/auth >>>> >>>> So If the browser keeps the session anyone can access to my app >>>> database from this browser. I have to remove the cookie of the session. >>>> >>>> I think it is a lack of security. >>>> >>>> So I would like to limit the access to >>>> https://myapp.appspot.com/appadmin in the same way that >>>> /appadmin/manage/auth >>>> >>>> Thanks >>>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
