There is something new and potentially very important for web2py. Example:

    @auth.requires_login()
    def index():
        link = A('click me', _href=URL('callback', user_signature=True))
        return dict(link=link)

    @auth.requires_signature()  # NEW!!
    def callback():
        return dict(hello='hello world')

Explanation: URL(..., user_signature=True) signs the URL using an HMAC key that is private to the user. @auth.requires_signature() forces the following function to check for the signature. Nobody can call the function but the user who got the link in the first place. The link is only valid for that user as long as the user is logged in. If the user logs out (even if he/she logs in again) the link is no longer valid.

You can also use it with {{=LOAD(..., user_signature=True)}}. This makes it very easy to secure ajax calls and many parts of the code. Basically, if you display a link to a user and the link points to a decorated function, the user has access (for the duration of the session only). Nobody else has access.

Comments, suggestions for improvement? Let me know if you try it and if you like it.

jqgrid in plugin_wiki has a vulnerability that is fixed by this mechanism. The fixed plugin_wiki can be found in http://code.google.com/p/cube2py/. It will be posted again with the new web2py stable.

Ideally I would like to use a generalization of this for federated access control. Not completely sure how yet.

Massimo
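The following is an added, self-contained model of the mechanism described in the post; it is not web2py's own implementation of URL(user_signature=True) or @auth.requires_signature(), and the names Session, sign_url, verify_signature and demo are assumptions made for the illustration. It shows the two properties the post relies on: the signature is bound to a per-login secret (so another user's session cannot verify it, and a changed query argument breaks it), and minting a fresh secret at each login makes links from an earlier session stop verifying after logout, even for the same user.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qsl, urlunsplit


class Session:
    """Constructed stand-in for a per-user session store (not web2py's)."""

    def __init__(self):
        self.hmac_key = None

    def login(self):
        # A fresh secret is minted on every login, so links signed under an
        # earlier session no longer verify after logout and re-login.
        self.hmac_key = secrets.token_bytes(32)

    def logout(self):
        self.hmac_key = None


def _canonical(path, query):
    # Cover the path and every query argument except the signature itself,
    # in a fixed order, so argument tampering changes the signed message.
    items = sorted((k, v) for k, v in query if k != "_signature")
    return (path + "?" + urlencode(items)).encode()


def sign_url(session, url):
    """Append _signature=<hmac> to url using the session's private key."""
    if session.hmac_key is None:
        raise PermissionError("no logged-in session to sign for")
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    mac = hmac.new(session.hmac_key, _canonical(parts.path, query),
                   hashlib.sha512).hexdigest()
    query = [(k, v) for k, v in query if k != "_signature"] + [("_signature", mac)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))


def verify_signature(session, url):
    """True only if url carries a _signature made with this session's current key."""
    if session.hmac_key is None:
        return False  # logged out: nothing to verify against
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    supplied = dict(query).get("_signature")
    if supplied is None:
        return False
    expected = hmac.new(session.hmac_key, _canonical(parts.path, query),
                        hashlib.sha512).hexdigest()
    # Constant-time comparison avoids leaking the expected value via timing.
    return hmac.compare_digest(supplied, expected)


def demo():
    """Walk through the cases the post describes and return the outcomes."""
    alice, bob = Session(), Session()
    alice.login()
    bob.login()
    link = sign_url(alice, "/app/default/callback?id=7")  # constructed URL
    results = {
        "owner": verify_signature(alice, link),
        "other_user": verify_signature(bob, link),
        "tampered": verify_signature(alice, link.replace("id=7", "id=8")),
        "unsigned": verify_signature(alice, "/app/default/callback?id=7"),
    }
    alice.logout()
    results["after_logout"] = verify_signature(alice, link)
    alice.login()
    results["after_relogin"] = verify_signature(alice, link)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the "owner" case is accepted; the same link presented by another session, with a modified argument, without a signature, after logout, or after the same user logs in again is rejected, which matches the behaviour the post describes.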