I subscribe to "obscurity is no security". That means that the security of your app should not depend in ANY way on 'cryptic' URLs (exception might be a one-time generated URL, and even that is questionable).
If you set up you app to check for authorization, permission, membership, then there should be no problem. A definite answer is not possible without a full review. I suspect that the link you posted is not checking for any authorization. If that is a file that you would publish on your freely accessible website, that would be OK, otherwise just fact that the URL is accessible without any login/authorization would raise concerns about the security of your app. I hope that makes sense to you. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
