If I'm not mistaken, without the localhost requirement, a fraudster can go to /admin and run a pretty simple dictionary attack since they only need to guess the password.
- [web2py] Admin security: https vs localhost pbreit
- [web2py] Re: Admin security: https vs localhost Massimo Di Pierro
- [web2py] Re: Admin security: https vs localhost pbreit
- [web2py] Re: Admin security: https vs localhost Massimo Di Pierro
- [web2py] Re: Admin security: https vs localhost cjrh
- [web2py] Re: Admin security: https vs localhost pbreit
- [web2py] Re: Admin security: https vs local... cjrh
- [web2py] Re: Admin security: https vs l... Ross Peoples
- [web2py] Re: Admin security: https... Ross Peoples
- [web2py] Re: Admin security: h... cjrh
- [web2py] Re: Admin securit... Ross Peoples
- [web2py] Re: Admin securit... Ross Peoples
- [web2py] Re: Admin securit... cjrh
- [web2py] Re: Admin securit... Ross Peoples
- [web2py] Re: Admin securit... cjrh
- [web2py] Re: Admin securit... Massimo Di Pierro
