On Thursday, February 2, 2012 1:34:33 PM UTC-5, Jim S wrote:
>
>  You are good!
>
> Is this done because of a security concern? Would 'best practice' dictate 
> that I not use the generic views?
>

Yes, it's a security concern. generic.json in particular will reveal 
everything passed to the view, including db fields that were selected but 
not intended to be exposed (e.g., the password field when selecting a user 
record) and variables intended only to implement logic within the view. 
It's generally safer to implement specific views or to enable generic views 
selectively (i.e., only the specific generic view needed for a specific 
function). This is discussed here: 
http://web2py.com/books/default/chapter/29/10#Generic-views.

Anthony 
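
An added illustration of the point made in the reply above (not code from the original thread or from web2py itself): plain Python that models a generic JSON view next to a specific view with a field allow-list, and a glob check for enabling a generic view only for one action. The function names, the sample record and the `controller/function.extension` matching are assumptions made for this example.

```python
import fnmatch
import json

def show_user():
    """Constructed controller action: returns a selected user row plus a logic-only flag."""
    user = {"id": 7, "first_name": "Ann", "email": "ann@example.com",
            "password": "constructed-password-hash"}
    return {"user": user, "can_edit": False}  # can_edit is meant for view logic only

def generic_json(view_vars):
    """Models a generic JSON view: serializes every variable passed to the view."""
    return json.dumps(view_vars, sort_keys=True)

PUBLIC_USER_FIELDS = ("id", "first_name")  # explicit allow-list (assumed for the example)

def specific_json(view_vars):
    """Models a specific view: emits only the allow-listed user fields."""
    user = view_vars["user"]
    return json.dumps({k: user[k] for k in PUBLIC_USER_FIELDS}, sort_keys=True)

def generic_allowed(patterns, action):
    """Selective enabling: the generic view applies only if the action matches a glob."""
    return any(fnmatch.fnmatchcase(action, p) for p in patterns)

def render(action, view_vars, patterns, specific_views):
    """Prefer a specific view; fall back to the generic one only when it is enabled."""
    if action in specific_views:
        return specific_views[action](view_vars)
    if generic_allowed(patterns, action):
        return generic_json(view_vars)
    raise LookupError("no view available for " + action)

if __name__ == "__main__":
    action = "default/show_user.json"
    # Generic views enabled everywhere: the password field and can_edit leak.
    print(render(action, show_user(), ["*"], {}))
    # Specific view registered: only id and first_name are returned.
    print(render(action, show_user(), [], {action: specific_json}))
    # Generic view enabled for a different action only: this request gets no view.
    print(generic_allowed(["default/status.json"], action))
```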
