Thanks again Anthony.  I will get that cleaned up.

    -Jim

On 2/2/2012 1:46 PM, Anthony wrote:
On Thursday, February 2, 2012 1:34:33 PM UTC-5, Jim S wrote:

    You are good!

    Is this done because of a security concern?  Would 'best practice'
    dictate that I not use the generic views?


Yes, it's a security concern. generic.json in particular will reveal everything passed to the view, including db fields that were selected but not intended to be exposed (e.g., the password field when selecting a user record) and variables intended only to implement logic within the view. It's generally safer to implement specific views or to enable generic views selectively (i.e., only the specific generic view needed for a specific function). This is discussed here: http://web2py.com/books/default/chapter/29/10#Generic-views.

Anthony
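
The exposure described above, as an added example that is not part of the original thread and is not web2py's own code. It is a stand-alone Python model: the action, its field values and the glob matching of `controller/function.extension` against `response.generic_patterns` are simplified assumptions made for illustration.

```python
import fnmatch
import json

def show_user():
    """Hypothetical action. The dict it returns is everything the view receives."""
    # Constructed sample record: the whole row was selected, password included.
    user = {"id": 7, "email": "jim@example.com", "password": "constructed-hash-value"}
    # Second key exists only to drive logic inside an HTML view.
    return {"user": user, "show_admin_links": False}

def generic_allowed(patterns, controller, function, extension):
    """Model of the generic-view gate: allowed only if a pattern matches
    'controller/function.extension' (assumed matching rule)."""
    target = "%s/%s.%s" % (controller, function, extension)
    return any(fnmatch.fnmatchcase(target, p) for p in patterns)

def generic_json(view_vars):
    """A generic JSON view serializes whatever it was passed."""
    return json.dumps(view_vars, sort_keys=True)

def specific_json(view_vars):
    """A specific view names the fields it exposes and nothing else."""
    user = view_vars["user"]
    return json.dumps({"id": user["id"], "email": user["email"]}, sort_keys=True)

if __name__ == "__main__":
    request = ("default", "show_user", "json")
    settings = [
        ("all generic views", ["*"]),
        ("no generic views", []),
        ("one function only", ["default/public_stats.json"]),  # hypothetical action name
    ]
    for label, patterns in settings:
        if generic_allowed(patterns, *request):
            print(label, "->", generic_json(show_user()))
        else:
            print(label, "-> generic view refused; specific view gives",
                  specific_json(show_user()))
```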
