An important security issue has come up.
If you use web2py in production with the rocket web server (which you
should not anyway):
1) delete the "examples" app
2) make sure you pages do not expose the {{=response.toolbar}}
Please follow the above guidelines because exposing internal system status
may help attackers gain confidential information about your system.
The web2py in trunk will prevent the information leakage by default but
removing "examples" is the safest way.
If you use nginx or apache or other wsgi server there is no problem but you
may still want to follow the above rules in production.
Massimo
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
