Hi I have deployed my aplication in GAE and /appadmin/manage/auth works fine, asking a login to access.
But, if I try to go to: https://myapp.appspot.com/appadmin Then the browser asks me: Sign in with your google account <https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://clubatletismosada.appspot.com/appadmin<mpl=gm&shdf=Ch8LEgZhaG5hbWUaE0NsdWIgQXRsZXRpc21vIFNhZGEMEgJhaCIU4rpxyPjOtFDC1cxqbSHxn4qazIsoATIUrdvnPgTHKBlIIF_ylVxiINsy4sI> . Ok, I sing wiht my google account (the owner of the application) and I can access to the whole database appadmin without loggin in as 'administrator' like in /appadmin/manage/auth So If the browser keeps the session anyone can access to my app database from this browser. I have to remove the cookie of the session. I think it is a lack of security. So I would like to limit the access to https://myapp.appspot.com/ in the same way that /appadmin/manage/auth Thanks -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
