solved when i replaced the top part (up to response.menu) of appadmin.py in the appliances application with that of appadmin.py in the ajaxSpreadsheet application.

--
Teru

On Sep 19, 10:49 pm, suiato <homm...@gmail.com> wrote:
> Thanks for commenting, Massimo.
>
> On Sep 19, 5:40 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > You are taking risks. People can steal your session cookie, access
> > appadmin and from there run any python code using the query string.
>
> oops, pretty scary.
>
> > You should not comment those lines but go over https.
>
> Actually, the connection is over HTTPS. Connection to Admin thru HTTP
> is still forbidden.
>
> i could login thru HTTPS to Admin by using the password set in
> parameters_443.py, but, hitting appadmin.py's index on the Admin's
> EDIT screen gave me 400 BAD REQUEST. Commenting out these lines was
> the only way i could find to avoid the error so far. Even if these two
> lines are commented out, the connection is still HTTPS. Still risky?
>
> i did something i should have done before asking... ran the shell on
> web2py, and found
> request.env.remote_addr is '127.0.0.1' and
> request.env.http_host is '127.0.0.1:8000'
> so
> request.env.remote_addr!= request.env.http_host.split(':')[0]
> looks false. Then, it should be ok not to comment out the lines! BUT,
> i get the error 400 BAD REQUEST :-(
> When i comment these out, no error occurs. This is very confusing to
> me... i must have missed something obvious.
>
> will appreciate any hints or suggestions.
>
> > Massimo
>
> --
> Teru
>
> > On Sep 18, 11:46 pm, suiato <homm...@gmail.com> wrote:
>
> > > thanks to the instructions on the book and the example
> > > web2py_wsgi.conf, i now can run web2py with mod_wsgi on apache. admin
> > > with https worked fine, too, but i had to comment out the lines
> > > if request.env.remote_addr!=request.env.http_host.split(':')[0]:
> > >     raise HTTP(400)
> > > in models/appadmin.py.
> > > is it ok, or am i taking a risk, what kind of risk? any alternatives?
> > > will appreciate advice.
> > > --
> > > Teru