The first change is fine but it will not go in trunk because people expect to be able to log in to admin remotely. It requires SSL anyway and sessions expire in 1h.
The second change may be a problem. appadmin requires login to admin, not necessarily to the auth of the app. Anyway, that depends on your apps.

On Jul 11, 7:51 pm, pbreit <[email protected]> wrote:
> I made two changes which seem to me necessary for decent security:
>
> In /admin I switched is_local from "elif" to "if":
>
>     if request.env.http_x_forwarded_for or request.is_https:
>         session.secure()
>
>     if not request.is_local and not DEMO_MODE:
>         raise HTTP(200, T('Admin is disabled because insecure channel'))
>
> In /appadmin, I'm requiring login:
>
>     if not auth.user_id:
>         redirect(URL('default', 'user', args='login', vars={'_next': '/appadmin'}))
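To make the "elif" versus "if" difference concrete, here is an added stand-alone model of the two /admin policies quoted above. It is not web2py's own code and not pbreit's patch: the Request, Env and Session classes, the AdminDisabled exception (standing in for the HTTP(200, ...) raise), the demo_mode flag and the sample IP address are all assumptions constructed so the decision logic can be run offline. It also covers a case the quoted code implies but the thread does not spell out: with the elif form, a request that carries an X-Forwarded-For header but is not HTTPS skips the local check entirely, because the header alone counts as a secure channel.

```python
"""Model of the two admin access-control policies from the thread.

Added illustration, not web2py code: Request, Env, Session and AdminDisabled
are minimal stand-ins for request, request.env, session and HTTP(200, ...).
"""
from dataclasses import dataclass, field


class AdminDisabled(Exception):
    """Stand-in for raise HTTP(200, T('Admin is disabled because insecure channel'))."""


@dataclass
class Env:
    # Set by a reverse proxy; empty string when no proxy header is present.
    http_x_forwarded_for: str = ""


@dataclass
class Request:
    is_local: bool
    is_https: bool
    env: Env = field(default_factory=Env)


@dataclass
class Session:
    secure: bool = False  # records whether session.secure() was called


def original_policy(request, session, demo_mode=False):
    """Trunk form (elif): a secure-looking channel skips the local check,
    so remote admin logins over HTTPS (or behind a proxy) are allowed."""
    if request.env.http_x_forwarded_for or request.is_https:
        session.secure = True
    elif not request.is_local and not demo_mode:
        raise AdminDisabled()
    return True


def patched_policy(request, session, demo_mode=False):
    """pbreit's form (if): the local check always runs, so admin becomes
    local-only even over HTTPS."""
    if request.env.http_x_forwarded_for or request.is_https:
        session.secure = True
    if not request.is_local and not demo_mode:
        raise AdminDisabled()
    return True


def allowed(policy, request, demo_mode=False):
    """Return (admin_allowed, session_secured) for one policy and request."""
    session = Session()
    try:
        policy(request, session, demo_mode)
    except AdminDisabled:
        return False, session.secure
    return True, session.secure


def compare(request, demo_mode=False):
    """Evaluate both policies on the same request."""
    return {
        "original": allowed(original_policy, request, demo_mode),
        "patched": allowed(patched_policy, request, demo_mode),
    }


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 is a documentation address.
    cases = {
        "local http": Request(is_local=True, is_https=False),
        "remote https": Request(is_local=False, is_https=True),
        "remote http": Request(is_local=False, is_https=False),
        "remote http behind proxy": Request(is_local=False, is_https=False,
                                           env=Env("203.0.113.7")),
    }
    for name, req in cases.items():
        print(name, compare(req))
```

The "remote http behind proxy" case is the one to look at when deploying either form: under the elif policy it is admitted with a secured session solely because the proxy header is present, so the header must come from a proxy you control, not from the client.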

