On Friday, August 5, 2016 at 2:12:54 PM UTC-7, Anthony wrote: > > See > http://web2py.com/books/default/chapter/29/04/the-core#Digitally-signed-urls > . >
I was headed that way! Your previous post did awaken a small recollection of having read that section before. /dps > > On Friday, August 5, 2016 at 4:04:30 PM UTC-4, Dave S wrote: >> >> >> >> On Friday, August 5, 2016 at 12:06:41 PM UTC-7, Anthony wrote: >>> >>> How about simply sending the user a link with a timestamp in the query >>> string and a digital signature? Then only allow the operation if the >>> signature is valid and the current time is prior to the timestamp. If you >>> need to ensure the same user cannot submit the form more than once using >>> the same link, you could add a unique code to the URL and store that code >>> in the database with the form submission -- then don't allow submissions >>> with codes that are already in the database. >>> >>> Anthony >>> >> >> Okay. That sounds pretty straight forward. I'll take a look at this, >> and see how well I understood your suggestion. Thanks! >> >> /dps >> >> >>> >>> On Thursday, August 4, 2016 at 10:09:56 PM UTC-4, Dave S wrote: >>>> >>>> For support issues, I can imagine having a "one time account". That >>>> is, the account is created, info sent to the person-being-supported, p-b-s >>>> logs in and gets a form page to do what needs to be done, and then is >>>> logged out and the account disabled. Any good way to do that without >>>> having an admin sitting around watching for p-b-s to show up? >>>> >>>> I would probably prefer (as a potential p-b-s) to have a time-limited >>>> account, where the login queues a scheduler task that in n hours or n days >>>> or whatever does the disabling. That way, if p-b-s messes up on the first >>>> try at the form, there's a grace period for getting it right. But the >>>> original scheme could mostly handle that by having an admin (or support >>>> person) re-enable the account. If the support person is the one who >>>> recognizes the error, that would be a natural way of handling it. >>>> >>>> Thoughts? >>>> >>>> /dps >>>> >>>> >>>> >>>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
