@auth.requires_login() def download():
problem solved. -- Thadeus On Fri, Jun 11, 2010 at 2:11 PM, weheh <richard_gor...@verizon.net> wrote: > Once assigned, the user_id that my app creates is never changed. I > would use the auth.user.id field, but I don't like the fact that it's > sequential and therefore, easily guessed. I doubt that uploads can be > hacked easily since you did such a good job with security. > Nevertheless, I prefer to have an additional layer of obfuscation by > having an encrypted user_id. > > On Jun 10, 11:32 pm, mdipierro <mdipie...@cs.depaul.edu> wrote: >> The problem with this is that the, I assume, tha database links the >> uploaded filename to the user_id and therefore you need to access the >> database to locate the file. That is ok until the database changes and >> somebody edits the user_id. Than you can no longer locate the file. >> >> On Jun 10, 7:36 am, weheh <richard_gor...@verizon.net> wrote: >> >> >> >> > I think I'm dealing with the same situation, however, I'm going about >> > it a little differently. I'm storing files in >> >> > uploads/users/user_id/filename >> >> > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length >> > anywhere from 8 to 12 characters or so. The filename is another cypher >> > created automatically by web2py, following the table.field approach. >> >> > One thing I'm thinking about is taking the user/user_id/filename >> > structure entirely outside of web2py. The reason is that my server has >> > 2 disk partitions and I might want to have these files resident under >> > C:/ or D:/ Another reason is that I might want to gradually move >> > these files to the cloud or another server. I'm wondering whether this >> > is reasonable and even possible to do from within a web2py app working >> > around the web2py way.- Hide quoted text - >> >> - Show quoted text - >
