Gotcha! 2012/12/26 Anthony <[email protected]>
> You can use the Auth system to set permissions ( > http://web2py.com/books/default/chapter/29/09#Authorization), or you > might consider using digitally signed URLs ( > http://web2py.com/books/default/chapter/29/04#Digitally-signed-urls). > With the latter solution, the signature is a hash of the URL, so if the URL > is altered, the signature won't work. > > Anthony > > > On Wednesday, December 26, 2012 10:43:46 AM UTC-5, Ramos wrote: >> >> hello >> i have a controller that filters what the user can see. >> >> the view show some links to record. >> >> for example the user A can only see one button to access a record >> the button has this link >> http://127.0.0.1:8000/**EmpreiteirosA/default/showemp/**7<http://127.0.0.1:8000/EmpreiteirosA/default/showemp/7> >> >> but if the user changes the url by hand to end for example with 8 he can >> see record 8 >> >> how to prevent this the best way? >> >> >> thank you >> >> António >> > -- > > > > --
