Well, but I log out the application. Then I clean the browser history and just put in the browser * https://myapp.appspot.com/appadminI am required to sign with google account.*
I do so, and I can access the appadmin complete fucntionality, but I had not logged in the application at all, neither as an user with admin privileges nor a simple user. And there is no way to log out as I have not logged in the application. If I log out my google account I can continue using the appadmin interface. Even if I log in with another different google account and access several minutes later to the appadmin. If I use the https://myapp.appspot.com/appadmin/manage/auth then everything works fine because I have to log in as an user with admin privileges. It is very useful for me to be able to access to appadmin in the application deployed in google app engine, but how can I force it to log in as an user with admin privileges? El miércoles, 7 de enero de 2015 15:47:20 UTC+1, Massimo Di Pierro escribió: > > I partially agree. Problem is you signed out of google but you did not > sign out of admin. appadmin authorizes you if you are logged into admin. > The fact you logout from google does not automatically sign you out from > admin. > > Can you reproduce the problem if you sign our from admin? > > On Wednesday, 7 January 2015 06:08:13 UTC-6, Jacinto Parga wrote: >> >> Hi >> >> I have deployed my aplication in GAE and /appadmin/manage/auth works >> fine, asking a login to access. >> >> But, if I try to go to: https://myapp.appspot.com/appadmin >> >> Then the browser asks me: Sign in with your google account >> <https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://clubatletismosada.appspot.com/appadmin<mpl=gm&shdf=Ch8LEgZhaG5hbWUaE0NsdWIgQXRsZXRpc21vIFNhZGEMEgJhaCIU4rpxyPjOtFDC1cxqbSHxn4qazIsoATIUrdvnPgTHKBlIIF_ylVxiINsy4sI> >> . >> >> Ok, I sing wiht my google account (the owner of the application) and I >> can access to the whole database appadmin without loggin in as >> 'administrator' like in /appadmin/manage/auth >> >> So If the browser keeps the session anyone can access to my app database >> from this browser. I have to remove the cookie of the session. >> >> I think it is a lack of security. >> >> So I would like to limit the access to https://myapp.appspot.com/appadmin >> in the same way that /appadmin/manage/auth >> >> Thanks >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
