It's possible. You can get the IP from request.env.remote_addr and see if it's in your list of approved IPs. Do not use request.client ( like this slice http://www.web2pyslices.com/slice/show/1485/authenticate-using-ip-address-using-a-custom-decorator ) as that will use the ip in a http_x_forwarded_for header if there is one and that's just too easy to spoof.
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
