I was wondering if it might be possible to limit the URL to functions that are called internally from web2py component calls. In the manual, there is a reference to using a decorator like:
@auth.requires(request.cid) Would this be an effective safeguard? Also, is there some way to set this since it only seems to work when LOAD is called and I would like to set it when some code in the model is executed. Avik On Sep 21, 12:10 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > If the URL is exposed and it is accessible via ajax, than it is called > by the remote browser. > You can only limit access with @auth.requires_login() or other auth > recorator. > > On Sep 20, 6:48 pm, Avik Basu <avikb...@gmail.com> wrote: > > > > > I have a generic function called edit_db which allows for editing of > > database records and is useful for ajax-related form functions such as > > edit-in-place. The URL that is exposed is something like > > > edit_db/tablename/row_id/fieldname?value="newvalue" > > > I would like to make sure that this function can only be accessed by > > functions within my web2py applications--in particular, widgets which > > are defined in the model. What is the best way to do this? > > > Avik
