5 Feb 2004, 6:33 p.m.
Dennis Allison wrote at 2004-2-4 13:51 -0800:
Dieter, can you elaborate on this a bit? Passing parameters with the URL (for example, http://foo.goo.com?p1=v1&p2=v2 ) seems to be locked in pretty deeply in the Zope paradigm. What would be your suggestion?
HTML is not designed to be secure against curious users.... When you try to hide parameters, I will use a TCPLogger to see what is on the wire. When you use HTTPS, I will analyse the HTML source to determine your secrets.
On Wed, 4 Feb 2004, Dieter Maurer wrote:
Dennis Allison wrote at 2004-2-4 08:09 -0800:
... The parameters passed by GET and, to a lesser extent, the URLs themselves, represent a security issue in one of our systems.
Rethink what you are doing....
-- Dieter