web2py needs to send emails for change password, lost password, forgot username, etc. It needs to build the links you click on. Web2py tries to build these links but often does not know its own hostname and makes some guesses. These guesses can result in vulnerabilities. You should tell web2py what your hostname is. So if your app is running at yourdomain.com you should tell web2py in appconfig.ini
[host] names = yourdomain.com Notice this does not configure your DNS. It just tells web2py how you have it configured. The default value for this field is a list of pattens that will be accepted. Basically by default web2py accepts all possible hostnames because does not know better. On Tuesday, 2 August 2016 12:23:18 UTC-5, Gael Princivalle wrote: > > Hello. > > Someone can give some examples about the use of the Host configuration in > appconfig.ini? > > Thanks. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
