Another possible use case -- suppose your application generates various links to a particular action with different combinations of URL args and vars and wants to limit access to that action so only the explicitly generated links will work (i.e., prevent users from generating their own combinations of args and vars). You can digitally sign the allowed URLs and check the signature in the action to prevent any other URLs from working.
Anthony On Wednesday, November 8, 2017 at 9:52:18 AM UTC-5, Leonel Câmara wrote: > > I'll give you an example, lets imagine I have a client database. I want to > send a survey to my clients and I want the survey results to be associated > with their profile in my database (note that my clients do not have users > in my system). I send each one an email with a digitally signed URL, the > signature is specific to the client, now when the client fills the form I > can associate it with his row in my database. > > It is true that anyone can access it if they have the link, the security > is with the secrecy of link, in this case I would be relying that only my > clients would have access to their emails. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
