>From 'The Book':
login required by default for data updates
By default all the URL generated by the grid are digitally signed and
verified. This means one cannot perform certain actions (create, update,
delete) without being logged-in. These restrictions can be relaxed:
def manage_users():
grid = SQLFORM.grid(db.auth_user,user_signature=False)
return locals()
but we do not recommend it.
The last line is the kicker here... I don't really want to turn this off
if I don't have to. I don't know why, but it isn't recommended. There is
no further explanation of why it isn't recommended and if I knew more about
the underlying protocols it would probably make sense. But, since I don't
understand it fully, could someone elaborate on why this wouldn't be
recommended?
-Jim
On Wed, Nov 6, 2013 at 1:42 PM, Jim Steil <[email protected]> wrote:
> No, the user is always linking with a signature in the app. I think the
> default for user_signature is True and I'm not overriding it.
>
> So, are you telling me that if I want to deep link to the edit page on a
> SQLFORM.grid then I need to have user_signature = False?
>
> If I do that, aren't I giving up some security?
>
> -Jim
>
>
> On Wed, Nov 6, 2013 at 1:38 PM, Niphlod <[email protected]> wrote:
>
>> ok, rolling back a little.
>> if the user is accessing the link without issues without any signature,
>> then it should be able to click on the link and reach the page. This also
>> means that the grid you're publishing has user_signature = False, right ?
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to a topic in the
>> Google Groups "web2py-users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/web2py/YhzviZbdwW0/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
