Depends on how secure the posting permissions are. Disabling registration
isn't necessary, as long as registered users can't post. Of course, if you
don't need registration (presumably you don't if you're disabling it), then
you should disable it anyway.
Anthony
On Wednesday, September 10, 2014 11:57:21 AM UTC-4, Yousif Iyad Shaban
wrote:
>
> If I was to enable HTML in posts using:
> {{=XML(post.body)}}
>
> and disable registration entirely using:
> auth.settings.actions_disabled.append('register')
>
> Would that be enough to remove security concerns about injections from the
> outside?
>
>
> And as a side note, thank you guys for this great framework!
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
