So doesn't the URL(..., user_signature=True) and @auth.requires_signature() decorator do exactly what you want? Maybe you want either/or decorator to work, in which case try the decorator @auth.requires() with your specific logic. You can also use the URL.verify() <http://web2py.com/books/default/chapter/29/04/the-core?search=URL.verify#Digitally-signed-urls>method documented in the book. HTH
On Tuesday, 8 December 2020 at 11:42:58 UTC Annet wrote: > In the control panel I built I use URL(..., user_signature=True) and > @auth.requires_signature() to secure the urls. > > I the init application I built I have various links to a particular > function with different > combinations of args and vars. I want to limit access to that function so > only the > explicitly generated links will work i.e. prevent users from generating > their own combinations of args and vars. > > Is it possible to digitally sign the allowed URLs and check the signature > in the action to prevent any other URLs from working, without visitors > being logged in? > > > Kind regards, > > Annet > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/2d7d43af-fbe1-49f7-904b-d694ac0fd22dn%40googlegroups.com.
