I made two changes which seem to me necessary for decent security: In /admin I switched is_local from "elif" to "if":
    # secure the session cookie when the channel looks encrypted or proxied
    if request.env.http_x_forwarded_for or request.is_https:
        session.secure()
    # checked independently now (was an elif), so a non-local request is
    # refused regardless of how the first test came out
    if not request.is_local and not DEMO_MODE:
        raise HTTP(200, T('Admin is disabled because insecure channel'))
In /appadmin, I'm requiring login:
    if not auth.user_id:
        redirect(URL('default', 'user', args='login', vars={'_next': '/appadmin'}))
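Added illustration (not code from the post or from web2py itself) of why the elif-to-if change in /admin matters: the two orderings are modelled as plain functions over a stand-in Request object, so the behaviour can be checked offline. The Request class and the attribute names is_https, http_x_forwarded_for and is_local are assumptions that mirror the names used in the snippet above; the sample requests are constructed.

```python
from dataclasses import dataclass


@dataclass
class Request:
    """Stand-in for the web2py request object (assumption, not the real class)."""
    is_https: bool
    http_x_forwarded_for: str   # '' when no X-Forwarded-For header was sent
    is_local: bool


def gate_original(req, demo_mode=False):
    """The earlier `elif` form: returns (session_secured, blocked).

    When the first branch fires, the locality test is never evaluated, so any
    request that merely carries an X-Forwarded-For header skips it.
    """
    secured = False
    if req.http_x_forwarded_for or req.is_https:
        secured = True
    elif not req.is_local and not demo_mode:
        return secured, True
    return secured, False


def gate_patched(req, demo_mode=False):
    """The `if` form from the post: both tests run independently."""
    secured = False
    if req.http_x_forwarded_for or req.is_https:
        secured = True
    if not req.is_local and not demo_mode:
        return secured, True
    return secured, False


if __name__ == "__main__":
    # constructed sample: not local, not HTTPS, but the request carries an
    # X-Forwarded-For header (whether that header reflects a real proxy
    # depends entirely on the deployment in front of the app)
    remote_with_header = Request(is_https=False,
                                 http_x_forwarded_for="203.0.113.5",
                                 is_local=False)
    print("elif form:", gate_original(remote_with_header))   # (True, False)
    print("if form:  ", gate_patched(remote_with_header))    # (True, True)
```

The only case where the two functions disagree is exactly the one the post is closing: a remote request that satisfies the first condition. The `if` form still secures the session but refuses the request unless it is local or DEMO_MODE is set; local HTTPS access is unaffected.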

