you try go to the admin app /admin and press the [logout] button? On Wednesday, 7 January 2015 11:34:19 UTC-6, Jacinto Parga wrote: > > Well, but I log out the application. Then I clean the browser history and > just put in the browser > * https://myapp.appspot.com/appadmin <https://myapp.appspot.com/appadmin>I > am required to sign with google account.* > > I do so, and I can access the appadmin complete fucntionality, but I had > not logged in the application at all, neither as an user with admin > privileges nor a simple user. And there is no way to log out as I have not > logged in the application. If I log out my google account I can continue > using the appadmin interface. Even if I log in with another different > google account and access several minutes later to the appadmin. > > If I use the https://myapp.appspot.com/appadmin/manage/auth then > everything works fine because I have to log in as an user with admin > privileges. > > It is very useful for me to be able to access to appadmin in the > application deployed in google app engine, but how can I force it to log in > as an user with admin privileges? > > El miércoles, 7 de enero de 2015 15:47:20 UTC+1, Massimo Di Pierro > escribió: >> >> I partially agree. Problem is you signed out of google but you did not >> sign out of admin. appadmin authorizes you if you are logged into admin. >> The fact you logout from google does not automatically sign you out from >> admin. >> >> Can you reproduce the problem if you sign our from admin? >> >> On Wednesday, 7 January 2015 06:08:13 UTC-6, Jacinto Parga wrote: >>> >>> Hi >>> >>> I have deployed my aplication in GAE and /appadmin/manage/auth works >>> fine, asking a login to access. >>> >>> But, if I try to go to: https://myapp.appspot.com/appadmin >>> >>> Then the browser asks me: Sign in with your google account >>> <https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://clubatletismosada.appspot.com/appadmin<mpl=gm&shdf=Ch8LEgZhaG5hbWUaE0NsdWIgQXRsZXRpc21vIFNhZGEMEgJhaCIU4rpxyPjOtFDC1cxqbSHxn4qazIsoATIUrdvnPgTHKBlIIF_ylVxiINsy4sI> >>> . >>> >>> Ok, I sing wiht my google account (the owner of the application) and I >>> can access to the whole database appadmin without loggin in as >>> 'administrator' like in /appadmin/manage/auth >>> >>> So If the browser keeps the session anyone can access to my app database >>> from this browser. I have to remove the cookie of the session. >>> >>> I think it is a lack of security. >>> >>> So I would like to limit the access to >>> https://myapp.appspot.com/appadmin in the same way that >>> /appadmin/manage/auth >>> >>> Thanks >>> >>
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
