Also be careful with wsgi-apache deployment: with the given script, take a look at the Apache configuration, looking for /appadmin.
2011/2/28 Anthony <abasta...@gmail.com>

> On Sunday, February 27, 2011 9:40:03 PM UTC-5, mart wrote:
>>
>> well, I have to check... Naturally (and there is always a chance - I'm
>> actually left feeling surprised when I am not wrong), I could be
>> completely missing the mark here. I do know, that a copy (with a new
>> name) of appadmin is quite open to all users (because I did that
>> once), but just thought I'd mention...
>
> Hmm, I can't reproduce this simply by renaming appadmin.py and
> appadmin.html to something else -- I still have to be logged in to admin to
> access (the renamed) appadmin. It looks like the following code in
> appadmin.py (which does not appear to depend on the name being 'appadmin')
> prevents unauthorized access:
>
>     if (request.application=='admin' and not session.authorized) or \
>         (request.application!='admin' and not
>          gluon.fileutils.check_credentials(request)):
>         redirect(URL('admin', 'default', 'index'))
>
> Anyway, I'm not recommending changing the name of appadmin -- don't see a
> good reason to.
>
>> As for the appadmin not being an app... alright, sure. But, I can log
>> onto a web2py server (without logging into any application) and
>> view, update, delete data from any app's DB. Because I can do that, I
>> tend to want to see it as feature of having admin privileges... admin
>> vs appadmin or app vs .py file with a view. I still see them belonging
>> together (even if I am wrong about it).
>
> Yes, that makes sense.
>
> Best,
> Anthony

--
Pablo Martín Mulone (mar...@tecnodoc.com.ar)
http://www.tecnodoc.com.ar/
Paraná, Entre Ríos, Argentina (CP 3100).
My blog: http://martin.tecnodoc.com.ar
Expert4Solution Profile: http://www.experts4solutions.com/e4s/default/expert/6
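
One way to run the Apache-side check this message points at, as an added example that is not part of the original thread or of web2py. The vhost fragment is constructed and assumes the deployment restricts admin and appadmin by URL path; `dbadmin` is a hypothetical name for a renamed copy of appadmin. The script lists request paths that no path-based deny rule covers, so that only the in-code credential check quoted above still protects them.

```python
import re

# Constructed sample vhost fragment (assumption: path-based deny rules on port 80).
SAMPLE_CONF = """\
<VirtualHost *:80>
  WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py
  <Location /admin>
    Deny from all
  </Location>
  <LocationMatch ^/([^/]+)/appadmin>
    Deny from all
  </LocationMatch>
</VirtualHost>
"""

BLOCK = re.compile(r"<(Location|LocationMatch)\s+([^>]+)>(.*?)</\1>", re.S | re.I)
DENY = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def deny_rules(conf):
    """Return (kind, pattern) for each Location/LocationMatch block that denies all."""
    return [(kind.lower(), arg.strip().strip('"'))
            for kind, arg, body in BLOCK.findall(conf) if DENY.search(body)]

def is_denied(path, rules):
    """True if any deny rule applies to the request path."""
    for kind, pat in rules:
        if kind == "locationmatch":
            if re.search(pat, path):          # regex match, as LocationMatch does
                return True
        else:
            prefix = pat.rstrip("/")          # Location: match on a segment boundary
            if path == prefix or path.startswith(prefix + "/"):
                return True
    return False

def uncovered(paths, conf):
    """Paths that no path-based deny rule in the configuration covers."""
    rules = deny_rules(conf)
    return [p for p in paths if not is_denied(p, rules)]

if __name__ == "__main__":
    candidates = ["/admin/default/site", "/myapp/appadmin/index",
                  "/myapp/dbadmin/index", "/myapp/default/index"]
    for p in uncovered(candidates, SAMPLE_CONF):
        print("not covered by an Apache deny rule:", p)
```
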