I just ran into a security problem where a component is revealing a whole auth_user record!
See: http://pricetack.com/components/order_summary/1

What is the preferred way to avoid this? I could specify individual fields in my select(). There was a recommendation to decorate the component with @auth.requires(request.cid). Would that close up the loophole? Any other solutions?
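Added example (not the poster's code): the leak the post describes comes from the component's query projecting every auth_user column into the rendered summary, which is what a select() with no field list does. The snippet below reproduces that with plain sqlite3 so it runs without web2py; the `auth_user` columns are web2py's defaults, while the `orders` table and its rows are constructed stand-ins.

```python
import sqlite3

# Constructed stand-in for the application's database. auth_user carries
# web2py's default field names; "orders" is an assumed application table.
SCHEMA = """
CREATE TABLE auth_user (
    id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT,
    password TEXT, registration_key TEXT, reset_password_key TEXT);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY, customer INTEGER REFERENCES auth_user(id),
    total REAL, status TEXT);
INSERT INTO auth_user VALUES
    (1, 'Ada', 'Lovelace', 'ada@example.test',
     'pbkdf2(1000,20,sha512)$constructed$hash', 'pending-key', '');
INSERT INTO orders VALUES (1, 1, 42.50, 'paid');
"""

def connect():
    conn = sqlite3.connect(':memory:')
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn

def order_summary_leaky(conn, order_id):
    # Equivalent of a select() with no field list: the join hands the
    # component every auth_user column, password hash and keys included.
    row = conn.execute(
        "SELECT orders.*, auth_user.* FROM orders "
        "JOIN auth_user ON auth_user.id = orders.customer "
        "WHERE orders.id = ?", (order_id,)).fetchone()
    return dict(row) if row else None

def order_summary_fixed(conn, order_id):
    # Explicit projection: only the columns the summary actually renders,
    # so sensitive auth_user fields never reach the view or the HTTP response.
    row = conn.execute(
        "SELECT orders.id, orders.total, orders.status, "
        "auth_user.first_name, auth_user.email FROM orders "
        "JOIN auth_user ON auth_user.id = orders.customer "
        "WHERE orders.id = ?", (order_id,)).fetchone()
    return dict(row) if row else None

SENSITIVE = {'password', 'registration_key', 'reset_password_key'}

def leaked_fields(record):
    # Sensitive auth_user columns that made it into the component's data.
    return sorted(SENSITIVE & set(record or {}))
```

Restricting the field list fixes the over-exposure of the record itself; an access-control decorator on the component is a separate question of who may request the summary at all.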
