> > > No, admin (including reloading routes) can be made available on a > production > > server -- you just have to access it via HTTPS. This should be fine for > > production. > > That's one way to go, but I was following the example from > http://web2py.com/books/default/chapter/29/13 >
That section starts with the following: It is very dangerous to publicly expose the *admin* application and the * appadmin* controllers unless they run over HTTPS. I have no idea from reading the docs if it should be safe, or not. > For all I know if I happen to change the symbolic link at the wrong > time, web2py will traverse the path 'in the middle of something > important' and end up in a different application than it was before > (projectX links to projectX2011 and I get "luck" and switch the link > to projectX2012 at just the wrong moment). > Yes, good point -- that's an issue with how symbolic links work. During a given request, web2py will read (and possibly write) several files from the filesystem within the application's folder -- if the symbolic link changes mid-request, I suppose it could read/write files from two different applications. So it probably would be a good idea to temporarily disable the application (which can be done via admin) when changing the symbolic link. Actually, I think using routes.py might be a better way to go anyway. Anthony
