Yes, thank you, I'm disabling registration for a personal blog in which I'm
the only one who posts, and from the looks of it the answers suggest this
is enough.
On Wednesday, September 10, 2014 7:46:20 PM UTC+3, Anthony wrote:
>
> Depends on how secure the posting permissions are. Disabling registration
> isn't necessary, as long as registered users can't post. Of course, if you
> don't need registration (presumably you don't if you're disabling it), then
> you should disable it anyway.
>
> Anthony
>
> On Wednesday, September 10, 2014 11:57:21 AM UTC-4, Yousif Iyad Shaban
> wrote:
>>
>> If I was to enable HTML in posts using:
>> {{=XML(post.body)}}
>>
>> and disable registration entirely using:
>> auth.settings.actions_disabled.append('register')
>>
>> Would that be enough to remove security concerns about injections from
>> the outside?
>>
>>
>> And as a side note, thank you guys for this great framework!
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
