Yes, but it is not really a bug. The appadmin select box is designed to be
used by the administrator, not to be exposed to untrusted users. Admin
must log in from localhost or via https using secure session cookies.
This is as secure as SSH. After all, the administrator is the
administrator; he already has login access.

Massimo


On Apr 1, 12:07 am, TheDude <[email protected]> wrote:
> Yarko,
> Does that injection still exist? And, we need a web2py 1.6 soon :P
>
> On Apr 1, 1:00 am, Vidul Petrov <[email protected]> wrote:
>
> > Thank you, Massimo.
>
> > One more question - a role can have many groups and vice versa, a
> > user can belong to many groups and vice versa?
>
> > On Apr 1, 7:16 am, mdipierro <[email protected]> wrote:
>
> > > This is already in Auth. Auth actually does more than unix-like group
> > > based access control. It does Role based access control (group based
> > > is a particular case).
>
> > > gid=auth.add_group(role='Manager')
> > > auth.add_membership(gid, auth.user.id)
> > > auth.add_permission(gid,'call function f')
>
> > > @auth.requires_permission('call function f')
> > > def f(): return 1
>
> > > On Mar 31, 11:01 pm, Vidul Petrov <[email protected]> wrote:
>
> > > > IMHO such lightweight applications/utilities would make WEB2PY the
> > > > only so capable MVC player.
> > > > In addition I'd like to request comments on, let's call it a feature -
> > > > now that Auth is in, not an add-on, is there a place for (optional)
> > > > UNIX-like users/resources management?
> > > > In short: each resource - every controller/action/etc. owned by a given
> > > > user/group, otherwise a user/group "nobody" or "guest".
>
> > > > Does this make any sense?
>
> > > > On Apr 1, 6:29 am, Yarko Tymciurak <[email protected]> wrote:
>
> > > > > > Not sure what you would want to port here; if I take this at face value,
> > > > > > here's what is currently documented (I've highlighted what I thought might be
> > > > > > interesting from a web2py perspective).
> > > > > > In general, I think the idea of having a package of light weight applications /
> > > > > > utilities is something both useful, and (at some level) something we're
> > > > > > doing w/ tools...  auth, etc.
>
> > > > > >    - email confirmation
> > > > > >       - This simple app is for cases where you don’t want to require an
> > > > > >       email address to signup on your website but you do still want to ask for an
> > > > > >       email address and be able to confirm it for use in optional parts of your
> > > > > >       website
> > > > > >       - timezones
> > > > > >    - threaded comments
> > > > > >       - with moderation....
> > > > > >    - ajax validation
> > > > > >       - uses jquery
> > > > > >    - flags
> > > > > >       - This app lets users of your site flag content as inappropriate or
> > > > > >       spam.
> > > > > >       - pagination
> > > > > >    - oembed
> > > > > >    - notification
> > > > > >    - mailer   ---- with a mail queue, this _might_ be interesting...
> > > > > >    - dbtemplates
> > > > > >    - robots
>
> > > > > > On Tue, Mar 31, 2009 at 9:12 PM, mdipierro <[email protected]> wrote:
>
> > > > > > > Perhaps we should do it ourselves for real.
>
> > > > > > On Mar 31, 7:11 pm, Yarko Tymciurak <[email protected]> wrote:
> > > > > > > > Guys - this is a Joke .... (see also the "feud between pinax and
> > > > > > > > django")....
> > > > > > > see:  http://www.ponyransom.com/
>
> > > > > > > and:  http://www.pinaxenvy.com/
>
> > > > > > > > On Tue, Mar 31, 2009 at 6:28 PM, mdipierro <[email protected]> wrote:
>
> > > > > > > > > http://twitter.com/jtauber/status/1420954914
>
> > > > > > > > James. Are you here?
>
> > > > > > > > Massimo