Additionally, this[1] part of web2py book can help you too. *********************************
*... By default, Auth protects logins against cross-site request forgeries (CSRF). This is actually provided by web2py's standard CSRF protection whenever forms are generated in a session. However, under some circumstances, the overhead of creating a session for login,password request and reset attempts may be undesirable. DOS attacks are theoretically possible. CSRF protection can be disabled for Auth forms (as of v 2.6):* *Auth = Auth(..., csrf_prevention = False)* *Note that doing this purely to avoid session overload on a busy site is not recommended because of the introduced security risk. Instead, see the Deployment chapter for advice on reducing session overheads.......* **************************** [1] - http://web2py.com/books/default/chapter/29/09/access-control 2015-08-05 12:45 GMT-03:00 José Ricardo Borba <jrborba...@gmail.com>: > Hi, Jon, > > Now its more clear to me what you really need. Maybe this slice from > Bruno[1] can help you. I think that YES. ;-) > > [1] - http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py > > Best Regards, > > José Ricardo Borba > > > 2015-08-05 12:39 GMT-03:00 Jon M. <lej...@gmail.com>: > >> Hi José! Thanks for suporting too! C: >> >> I'm learning about this framework, and I have a glimpse of what the >> browser does in data exchange between web pages and backend stuff... But, >> in this application, I'm afraid we want to provide the right interface for >> the backend. >> >> So, no web forms, at least not for now, in the upcoming days we'll be >> implementing bootstrap 3 for the view layout and stuff, but that's only for >> informative purposes at this phase. >> >> That's why I was asking if there was a way of having RESTful, CRUD way of >> doing the request from something that had no web forms. So... >> >> Mobile App -> HTTP stuff -> backend controllers (functions in default) -> >> database data exchange, CRUD. >> >> An then response to the Mobile App in order to show the data it asked >> for... >> >> Indeed we will use and need the view part and web forms, credentials >> through it and tokens. But for now, we need to implement the request >> directly from Android native App. >> >> If that's not the way off doin' it, do you or someone knows something >> about having those tokens in a entity such a mobile device with Android in >> order to handle sessions, auths, or the usual tools and conventions used in >> views? >> >> Buena vibra! :D >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > José Ricardo Borba > > -- José Ricardo Borba -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
