You are taking risks. People can steal your session cookie, access
appadmin and from there run any python code using the query string.
You should not comment those lines but go over https.
Massimo
On Sep 18, 11:46 pm, suiato <homm...@gmail.com> wrote:
> thanks to the instructions on the book and the example
> web2py_wsgi.conf, i now can run web2py with mod_wsgi on apache. admin
> with https worked fine, too, but i had to comment out the lines
> if request.env.remote_addr!=request.env.http_host.split(':')[0]:
> raise HTTP(400)
> in models/appadmin.py.
> is it ok, or am i taking a risk, what kind of risk? any alternatives?
> will appreciate advice.
>
> --
> Teru
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
