Hi, Overall web2py is pretty save as far as I know. https://scanmyserver.com/ shows for my web2py app 6 "low priority" risks. As far as I'm concerned they are very low priority but since I startet to record all errors (code 400 404 500) in an database table I get a little concerned since my very small site gets on some days 20 attacks. They are pretty premitive as far as I can tell. Trying to call admin page or /wp-login ... trying to add code after the url... So my concern is not the site itself but the appadmin. It is only protected by a password and as far as I can tell there is no brute force protection like a timeout after 3 or five misspelled passwords. I don't know if I'm just paranoid but I can't record if there are attemps to access appadmin and there is no timeout for the password. I would welcome your thoughts on this issue.
-- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
