remote admin

[Wei Li]

It's really annoying. For developing stage, there is no reason to be so secure.....

The easiest way: modifying models/access.py seems doesn't work for me.

My web2py is redirectly to apache. Using SSL will involve lot of configs....

Have to keep hacking web2py's source code now.

[Massimo Di Pierro]

There are good reasons to be so secure. Without ssl, anybody on any of the networks you are on can monitor your traffic and steal your password or your session cookies. It is very easy to do. There are programs called wireshark and tcpdump to do it. If the have your admin password they can run programs on your machine. You can get in serious legal trouble. Do not hack access.py. Make an ssh tunnel to loalhost using Putty. You do not need a ssl certificate to make a tunnel.

Massimo

[Anthony]

Also, the setup scripts include code to create self-signed SSL certificates -- for example: https://code.google.com/p/web2py/source/browse/scripts/setup-web2py-ubuntu.sh#74. Your browser will give you a warning, but it will allow you to have access to admin.

Anthony

[Wei Li]

Thanks for the detail explanation! I think I am going to use ssh tunnel to localhost now.

--
 
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/VolRfv-1XH8/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Wei Li]

This setup-web2py-ubuntu.sh looks very helpful to me! Thanks.

--