Hi

I just need a little advice here.

There are logged-in users on my website that are given permission to access 
a particular HTML page. The page changes depending on the user logged in. 
The controller decides whether the user can access that page or not. 

The HTML page calls LOADs. How do I properly secure these LOAD calls with 
the same permission as the HTML parent? (Otherwise people can just put the 
LOAD file address in the browser and see it.)

Now, I am running the same database checks in the LOAD as in the HTML, so 
there is duplication here. Should I use the HTTP referrer 
request.env.http_referer to check that the caller is correct, or is there a 
better way?

Thanks for your time.
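
Added example, not part of the original post and not web2py code: a plain-Python model comparing the Referer check asked about above with a per-session signed component URL. The helper names, URLs and the one-key-per-session scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Simplified model (assumption): the server keeps one secret key per login
# session and appends an HMAC of the component path to every link it renders.

def sign_url(path: str, session_key: bytes) -> str:
    """Return the component URL with a signature bound to this session."""
    sig = hmac.new(session_key, path.encode(), hashlib.sha256).hexdigest()
    return f"{path}?_signature={sig}"

def verify_signed(url: str, session_key: bytes) -> bool:
    """Accept only URLs this server signed for the requesting session."""
    path, sep, sig = url.partition("?_signature=")
    if not sep:
        return False  # typed straight into the address bar: no signature
    expected = hmac.new(session_key, path.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected)

def referer_check(headers: dict, parent_url: str) -> bool:
    """The check considered in the post: trust the Referer request header."""
    return headers.get("Referer") == parent_url

def demo() -> dict:
    parent = "https://example.test/app/default/page"   # constructed URL
    component = "/app/default/component.load"          # constructed path
    alice_key = secrets.token_bytes(32)
    bob_key = secrets.token_bytes(32)
    link_for_alice = sign_url(component, alice_key)
    return {
        # Referer is written by the client, so a hand-built request passes.
        "referer_handmade_request": referer_check({"Referer": parent}, parent),
        # Privacy settings can strip Referer, so a real user may fail.
        "referer_stripped_by_browser": referer_check({}, parent),
        "signed_same_session": verify_signed(link_for_alice, alice_key),
        "signed_other_session": verify_signed(link_for_alice, bob_key),
        "unsigned_direct_request": verify_signed(component, alice_key),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:30} allowed={allowed}")
```

In web2py itself, the built-in counterpart is `LOAD(..., user_signature=True)` together with `@auth.requires_signature()` on the component action. A signature only shows that the link was issued to this session, so the permission checks can live in one shared function called by both the parent and the component action.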
