Hello,
I've been working with an application using appadmin as a reference
for maintaining the database, but when I release it I have a
problem because the controllers have the following code and no one but
localhost can get access to them:

    http_host = request.env.http_host.split(':')[0]
    remote_addr = request.env.remote_addr
    try:
        hosts = (http_host, socket.gethostname(),
                 socket.gethostbyname(http_host),
                 '::1', '127.0.0.1', '::ffff:127.0.0.1')
    except:
        hosts = (http_host, )
    if request.env.http_x_forwarded_for or request.env.wsgi_url_scheme\
            in ['https', 'HTTPS']:
        session.secure()
    elif remote_addr not in hosts:
        raise HTTP(200, T('appadmin is disabled because insecure channel'))
    if not gluon.fileutils.check_credentials(request):
        redirect('/admin')

So I changed the last part to:

    if not gluon.fileutils.check_credentials(request):
        session.secure()

and now everyone can get access to the controller, but (I'm using CAS)
after I access the controller my session token gets lost.
I'd like to know if there's a way I can keep using this part of the code
but limiting it to some networks, or how I can keep my token without
losing it.
Thanks,
Adolfo
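
Added example (not part of the original post and not web2py's own code): one way to limit such a controller to specific networks while keeping the credential check from the snippet above. The network list and the names `parse_networks`, `client_allowed` and `appadmin_gate` are assumptions made for illustration.

```python
import ipaddress

# Constructed allow-list: loopback plus one hypothetical office LAN.
ALLOWED_NETWORKS = ("127.0.0.0/8", "::1/128", "192.168.10.0/24")


def parse_networks(cidrs):
    """Parse CIDR strings once at start-up; a typo raises ValueError here."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def client_allowed(remote_addr, networks):
    """Return True only if remote_addr lies inside one of the networks.

    Pass the socket peer address (request.env.remote_addr in web2py),
    not the X-Forwarded-For header, which the client can set freely.
    """
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except (ValueError, AttributeError):
        return False  # missing or malformed address: deny
    # Addresses such as '::ffff:127.0.0.1' are compared in their IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in networks)


def appadmin_gate(remote_addr, has_credentials, networks):
    """Decide what the controller should do for this request.

    'deny'  -> outside the allowed networks (raise HTTP(...) in web2py)
    'login' -> allowed network, no admin credentials (redirect('/admin'))
    'allow' -> allowed network and credentials present
    """
    if not client_allowed(remote_addr, networks):
        return "deny"
    if not has_credentials:
        return "login"
    return "allow"


if __name__ == "__main__":
    nets = parse_networks(ALLOWED_NETWORKS)
    for ip in ("127.0.0.1", "::ffff:127.0.0.1", "192.168.10.57", "203.0.113.9"):
        print(ip, appadmin_gate(ip, True, nets))
```

In a controller, `has_credentials` would be the result of `gluon.fileutils.check_credentials(request)`, so the network check narrows who can reach the page without replacing the login step.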