Anyone asking for an action that you have as /appname/default/index
will be able to see the dict returned by that function using /appname/default/index.json.

If you're not used to doing return dict(lots_of_things_private_that_the_view_wont_show) you are on the safe side.

Security-wise (and mostly plugin-wise) any action should have only the views that it has been planned to return (so, no generic whatsoever).

On Tuesday, October 8, 2013 9:18:37 PM UTC+2, Tim Richardson wrote:
>
> You're fast.
> I just noticed this in the book
> response.generic_patterns = ['*.json']
> which solves the problem (in reverse of your suggestion but this is the
> problem)
>
> Is there a security risk in enabling generic.json?
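
An added example, not part of the original message or of web2py itself: a static check that lists which actions in a controller would have their whole returned dict serialised by generic.json under a given response.generic_patterns. It assumes patterns are shell-style globs matched against controller/function.extension and that only argument-less functions are exposed as actions; the sample controller and the names served_by_generic and planned_views are constructed for illustration.

```python
import ast
import fnmatch

# Constructed sample of controllers/default.py (parsed only, never executed).
SAMPLE_CONTROLLER = '''
def index():
    user = db.auth_user(1)
    return dict(name=user.first_name, password_hash=user.password)

def feed():
    return dict(items=[1, 2, 3])

def download():
    return response.download(request, db)

def helper(x):
    return dict(x=x)
'''

def dict_actions(source):
    """Map each argument-less top-level function to the keys of its `return dict(...)`."""
    found = {}
    for node in ast.parse(source).body:
        # Assumption: functions that take arguments are not reachable as actions.
        if not isinstance(node, ast.FunctionDef) or node.args.args:
            continue
        for ret in ast.walk(node):
            if (isinstance(ret, ast.Return) and isinstance(ret.value, ast.Call)
                    and getattr(ret.value.func, 'id', None) == 'dict'):
                found[node.name] = [kw.arg for kw in ret.value.keywords]
    return found

def served_by_generic(source, controller, patterns, planned_views, ext='json'):
    """Return {path: dict keys} for actions the generic view would serialise.

    planned_views holds paths such as 'default/feed.json' that have their own
    view file, so the generic view is not used for them.
    """
    report = {}
    for name, keys in dict_actions(source).items():
        path = '%s/%s.%s' % (controller, name, ext)
        allowed = any(fnmatch.fnmatchcase(path, p) for p in patterns)
        if allowed and path not in planned_views:
            report[path] = keys
    return report

if __name__ == '__main__':
    hits = served_by_generic(SAMPLE_CONTROLLER, 'default', ['*.json'], set())
    for path, keys in hits.items():
        print(path, 'would serialise', keys)
```

Every key in the report leaves the server regardless of what the HTML view chooses to render, so the report is a review list for anything private.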

