On Monday, September 15, 2014 2:20:06 PM UTC-4, Mark Li wrote: > > Ahhh, that is quite frustrating! I see this a quite a big usability > improvement at virtually no cost to security; would an optional parameter > like auth.login(return_specific_error=True) still fail security checks for > owasp? >
Maybe post a Google Code issue requesting something like this. I think maybe we could adjust the code to pass the reason for the failure to the login_onfail callback, which could then change the session flash or set some other flag in the session (no need for a new return_specific_error argument). Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
