> > My though in replacing the @auth.requires_login() with > @auth.requires_signature() (I believe @auth.requires_signature() also > requires login, correct?) was adding another security layer, but with the > limitation you explained, I think I will not do it. > What is your opinion on this? > > With this severe limitation to @auth.requires_signature(), in what > situation do you recommend using it? >
It's not so much a limitation of @auth.requires_signature as it is with using it with the grid if there is something in the query string that must be protected from tampering. In any case, it's not clear @auth.requires_signature adds any value over @auth.requires_login in this case. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
