If the URL is exposed and it is accessible via ajax, than it is called by the remote browser. You can only limit access with @auth.requires_login() or other auth recorator.
On Sep 20, 6:48 pm, Avik Basu <avikb...@gmail.com> wrote: > I have a generic function called edit_db which allows for editing of > database records and is useful for ajax-related form functions such as > edit-in-place. The URL that is exposed is something like > > edit_db/tablename/row_id/fieldname?value="newvalue" > > I would like to make sure that this function can only be accessed by > functions within my web2py applications--in particular, widgets which > are defined in the model. What is the best way to do this? > > Avik
