[web2py:28880] Re: Error ticket usability for developers

Tue, 18 Aug 2009 01:18:57 -0700 

I am afraid it is a little more complex than that.

- a local user is not necessarily the administrator
- the server may be behind a proxy so all users are local users
- request.client can be spoofed by remote malicious clients

it is possible to detect if the user is the administrator by checking
a cookie (using gluon.fileutils.check_credentials('admin')) but
it is possible (although very rare) that the ticket itself cannot be
displayed by admin (because admin is not installed, because admin has
a bug, because the ticket is malformed) and we still want to see the
ticket number so we can access it manually

Anyway. In principle, I am not opposed to this change but let's give
this some thought ad hear more opinions.

Massimo

On Aug 18, 3:08 am, sgtpep <[email protected]> wrote:
> To achieve such behavior I've added some code in two places in gluon/
> main.py:
>
>         is_local_user = request.client == request.env.http_host.split
> (':')[0]
>         if is_local_user:
>             # redirecting to error ticket
>             return HTTP(303, error_message_ticket
>                      % dict(ticket=ticket), Location="/admin/default/
> ticket/%s"
>                      % ticket).to(responder)
>         else:
>             # displaying error ticket url
>             return HTTP(http_error_status, error_message_ticket
>                      % dict(ticket=ticket), web2py_error='ticket %s'
>                      % ticket).to(responder)
>
> On Aug 18, 11:44 am, sgtpep <[email protected]> wrote:
>
> > Hi Massimo and all web2piers!
>
> > Displaying a link to ticket on error for visitor is a very nice idea.
> > But how about displaying full ticket with error traceback at once if
> > the visitor is administrator. This will prevent me, developer, from
> > clicking on ticket link every time the error occurs.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to