Thanks. From a quick read the issue is that amf callbacks should authenticate the user. The @auth.requires_login() should work for myamf callbacks although never used it myself.
Massimo On Jul 30, 2:25 am, elffikk <[email protected]> wrote: > I know that web2py aims to be secure, but if you use it with amfrpc > service that could be interesting to read > > http://www.ivizsecurity.com/blog/web-application-security/testing-fla...
