That's completely unacceptable, bad security. You are right Anthony. What would be a better method?
Right now the value of role field in db.auth_group is the same as the primary key of the object I want to set auth for. I was hoping to use that idea to be able to restrict users to that organization's records only, Can I keep that concept and add something else to improve security? thanks Alex -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
