I don't really see how you could have that vulnerability in web2py without explicitly programming for it. But no, it does not protect you from yourself. How could we protect you from being a dumbass and using invalidated user input to get some file directly from the filesystem? Note that this has happened in the admin application itself, but it's rare for you to have an app that has to do the kind of filesystem manipulations the admin does, and we do not recommend the admin in production even though it is pretty safe right now.
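The pattern the reply describes, as an added example that is not part of the original post or of web2py's own code: a user-supplied file name (for instance a value taken from `request.vars`) joined directly into a filesystem path, next to a version that resolves the path and checks it stays inside the intended directory. The function names, directory layout and file names are assumptions made for illustration.

```python
import os
import tempfile


def unsafe_path(base_dir, user_name):
    # The mistake the post warns about: user input joined straight into a path.
    return os.path.join(base_dir, user_name)


def safe_path(base_dir, user_name):
    """Return the real path of user_name inside base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    # Constructed sample tree: <root>/uploads/report.txt, <root>/private/secret.txt
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    private = os.path.join(root, "private")
    os.makedirs(uploads)
    os.makedirs(private)
    secret = os.path.join(private, "secret.txt")
    for path in (os.path.join(uploads, "report.txt"), secret):
        with open(path, "w") as handle:
            handle.write("constructed sample data\n")
    # A symlink inside uploads that points outside it.
    os.symlink(secret, os.path.join(uploads, "link.txt"))

    requests = {
        "plain": "report.txt",
        "dotdot": "../private/secret.txt",
        "absolute": secret,
        "symlink": "link.txt",
    }
    allowed = {k: safe_path(uploads, v) is not None for k, v in requests.items()}
    # The unsafe join resolves to the file outside uploads.
    leaked = os.path.realpath(unsafe_path(uploads, requests["dotdot"]))
    allowed["unsafe_join_escapes"] = leaked == os.path.realpath(secret)
    return allowed


if __name__ == "__main__":
    print(demo())
```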