I read chapter 29/04 on digitally signed urls. and have a question.
I have sort of a router function which routes requests:
def router():
node_id = request.args(0, cast=int)
row = db().select()
if row:
if row.view_id == 'bsc'
redirect(URL('site', 'index', args=[nodeID, viewID, navID], vars=dict(view='bsc'), hmac_key=KEY))
....
return None
I'd like to digitally sign the redirect URL, and then in site/index verify it to make sure the visitor
did not alter it.
def index()
if not URL.verify(request, hmac_key=KEY) : raise: HTTP(403)
....
return locals()
I wonder whether this is the correct way to implement digitally signed urls.
What is the best way to generate a hmac_key to assign to KEY
Kind regards,
Annet