Honestly I didn't read the comments, I just saw that video shortly before heading home.
I have been using web2py for a while, just had to make sure, you never know, right? Anyways, thanks for clearing things up.

--
Regards,
Bruce

On Mon, Dec 19, 2011 at 5:46 PM, Anthony <abasta...@gmail.com> wrote:

> Did you read the comments below the video? The comments make it clear that
> the video is not demonstrating a web2py vulnerability. The creator of the
> video simply used web2py to create a deliberately vulnerable application.
> He explicitly avoided using web2py's built-in authentication mechanism,
> which does not have the demonstrated vulnerability. Here is a quote:
>
> *Yes I had to go through unusual mechanisms to create that webapp ;-) I
> used web2py just because its a great framework.*
>
> *By default, are [sic] you explain, web2py does not allow you to create
> such vulnerable code. The demo is not meant to show vulnerabilities in
> web2py, but rather generic issues found in web applications and how
> Acunetix WVS can be used to demonstrate these vulnerabilities.*
>
> So, you are safe moving your app to web2py. In fact, web2py takes security
> very seriously and is designed to be highly secure by default -- see
> http://web2py.com/books/default/chapter/29/1#Security and
> http://web2py.com/books/default/chapter/29/0.
>
> Anthony
>
> On Monday, December 19, 2011 8:24:18 PM UTC-5, Detectedstealth wrote:
>>
>> http://www.youtube.com/watch?v=5ZLmRMLo6HI
>>
>> We are thinking about moving our site from pyramid to Web2py. Are there
>> still security holes in Web2py as found in the video?
>>
>> --
>> Regards,
>> Bruce Wade
>> http://ca.linkedin.com/in/brucelwade
>> http://www.wadecybertech.com
>> http://www.warplydesigned.com
>> http://www.fitnessfriendsfinder.com

--
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.warplydesigned.com
http://www.fitnessfriendsfinder.com