There is something new and potentially very important for web2py.
Example:
@auth.requires_login()
def index():
link = A('click me',_href=URL('callback',user_signature=True))
return dict(link=link)
@auth.requires_signature() # NEW!!
def callback():
return dict(hello='hello world')
explanation:
URL(..., user_signature=True) signs the URL using a hmac key that is
private of the user.
@auth.requires_signature() forces the following function to check for
signature. Nobody can call the function but the user that got the link
in the first place. The link is only valid for that user as long as
the user is logged in. If the user logout (even if he/she logs in
again) the link is no longer valid.
You can also use it with {{=LOAD(...,user_signature=True)}}.
This makes very easy to secure ajax calls and many parts of the code.
Basically if you display a link to a user and the link points to a
decorated function, the user has access (for the duration of the
session only). Nobody else has access.
Comments suggestions for improvement?
Let me know if you try it and if you like it.
jqgid in plugin_wiki has a vulnerability that is fixed by this
mechanism. The fixed plugin_wiki can be found in
http://code.google.com/p/cube2py/.
It will be posted again with the new web2py stable.
Ideally I would like to use a generalization of this for federated
access control. Now completely sure how yet.
Massimo
