See http://web2py.com/books/default/chapter/29/04/the-core#Digitally-signed-urls.
On Friday, August 5, 2016 at 4:04:30 PM UTC-4, Dave S wrote: > > > > On Friday, August 5, 2016 at 12:06:41 PM UTC-7, Anthony wrote: >> >> How about simply sending the user a link with a timestamp in the query >> string and a digital signature? Then only allow the operation if the >> signature is valid and the current time is prior to the timestamp. If you >> need to ensure the same user cannot submit the form more than once using >> the same link, you could add a unique code to the URL and store that code >> in the database with the form submission -- then don't allow submissions >> with codes that are already in the database. >> >> Anthony >> > > Okay. That sounds pretty straight forward. I'll take a look at this, and > see how well I understood your suggestion. Thanks! > > /dps > > >> >> On Thursday, August 4, 2016 at 10:09:56 PM UTC-4, Dave S wrote: >>> >>> For support issues, I can imagine having a "one time account". That is, >>> the account is created, info sent to the person-being-supported, p-b-s logs >>> in and gets a form page to do what needs to be done, and then is logged out >>> and the account disabled. Any good way to do that without having an admin >>> sitting around watching for p-b-s to show up? >>> >>> I would probably prefer (as a potential p-b-s) to have a time-limited >>> account, where the login queues a scheduler task that in n hours or n days >>> or whatever does the disabling. That way, if p-b-s messes up on the first >>> try at the form, there's a grace period for getting it right. But the >>> original scheme could mostly handle that by having an admin (or support >>> person) re-enable the account. If the support person is the one who >>> recognizes the error, that would be a natural way of handling it. >>> >>> Thoughts? >>> >>> /dps >>> >>> >>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.