I had a thought while developing a small app, about the security of the
default validators.
As of now, these are the default validators of numbers in web2py:

integer IS_INT_IN_RANGE(-1e100, 1e100)
double  IS_FLOAT_IN_RANGE(-1e100, 1e100)
decimal(n,m)    IS_DECIMAL_IN_RANGE(-1e100, 1e100)

I went over all the times I've made an app, used integer fields, and
asked myself - what if the number was negative? Most of the time my
answer ranged from "things will work, but it would be really odd" to
"oh my god, an 11 year old girl can hack me". (I'm not talking about
web2py apps only, but earlier PHP projects too.)

My guess, most of us count on web2py validators, and never take a 2nd
thought about "the minus problem". I'm not sure changing web2py
default validators is an option here (because it will mess up backward
compatibility). Yet - this is really a common problem, that I'd love
to know how you handle.

Thanks
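Added illustration (not from the post above, and not gluon's own code): a simplified, hypothetical re-implementation of IS_INT_IN_RANGE's semantics (minimum inclusive, maximum exclusive) run over constructed form inputs for a 'quantity' field, showing that the -1e100..1e100 default lets negative values through while an explicit IS_INT_IN_RANGE(0, 1e100) does not.

```python
"""Compare web2py's default integer range with an explicit non-negative
range. Hypothetical, simplified re-implementation of the IS_INT_IN_RANGE
check (minimum <= value < maximum); error messages are simplified."""

DEFAULT_MIN, DEFAULT_MAX = -1e100, 1e100   # web2py's integer defaults


def is_int_in_range(value, minimum=DEFAULT_MIN, maximum=DEFAULT_MAX):
    """Return (parsed_value, error) in the shape of a validator __call__.

    The raw form string must parse as an int and satisfy
    minimum <= value < maximum, like IS_INT_IN_RANGE.
    """
    try:
        number = int(str(value).strip())
    except (TypeError, ValueError):
        return value, "enter an integer"
    if not (minimum <= number < maximum):
        return value, "enter an integer between %s and %s" % (minimum, maximum - 1)
    return number, None


# Constructed form submissions for a 'quantity' field: a user could type
# any of these, or post them directly without using the form at all.
SAMPLE_INPUTS = ["3", "0", "-5", "-1000000", "abc", "2.5", ""]


def check_quantity(raw, non_negative=False):
    """Validate with either the default range or an explicit [0, 1e100)."""
    if non_negative:
        # equivalent of Field('quantity', 'integer',
        #                    requires=IS_INT_IN_RANGE(0, 1e100))
        return is_int_in_range(raw, 0, DEFAULT_MAX)
    return is_int_in_range(raw)   # what the web2py default would do


def accepted(non_negative):
    """Return the sample inputs that pass validation."""
    return [raw for raw in SAMPLE_INPUTS
            if check_quantity(raw, non_negative)[1] is None]


if __name__ == "__main__":
    print("default range accepts:", accepted(False))
    print("minimum=0     accepts:", accepted(True))
```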
