if the user is logged-in you do not have to pass an hmac_key. It is
automatically generated per-session.
On Friday, 6 March 2015 05:26:47 UTC-6, Annet wrote:
>
> I read chapter 29/04 on digitally signed urls. and have a question.
>
> I have sort of a router function which routes requests:
>
> def router():
> node_id = request.args(0, cast=int)
> row = db().select()
> if row:
> if row.view_id == 'bsc'
> redirect(URL('site', 'index', args=[nodeID, viewID, navID],
> vars=dict(view='bsc'), hmac_key=KEY))
>
> ....
> return None
>
> I'd like to digitally sign the redirect URL, and then in site/index verify
> it to make sure the visitor
> did not alter it.
>
> def index()
> if not URL.verify(request, hmac_key=KEY) : raise: HTTP(403)
> ....
> return locals()
>
> I wonder whether this is the correct way to implement digitally signed
> urls.
> What is the best way to generate a hmac_key to assign to KEY
>
>
> Kind regards,
>
> Annet
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
