It is not about what is more secure. the serve a different purpose. The
signature makes sure the action that generate the signature is called
before the action that checks the signature and prevents changes in the get
parameters.
On Sunday, 22 February 2015 23:26:17 UTC-6, Robin Manoli wrote:
>
> Hi!
>
> I'm wondering about this example from the book. Would it be less secure to
> just decorate two with @auth.requires_login, even if it's used for an ajax
> call? Or is it made like this to explicitly not require login for two?
>
> @auth.requires_login()
> def one():
> return dict(link=URL('two', vars=dict(a=123), user_signature=True)
>
> @auth.requires_signature()
> def two():
> # do something
> return locals()
>
> Thanks for your help!
>
> -- Robin
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
