What about using the session machinery?

-jim

-----Original Message-----
From: Dennis Allison [mailto:allison@sumeru.stanford.EDU]
Sent: Wednesday, February 04, 2004 11:10 AM
To: zope@zope.org
Subject: [Zope] URLs expose information which we'd like to hide

The parameters passed by GET and, to a lesser extent, the URLs themselves, represent a security issue in one of our systems.

One solution, which we tried and have had to back off from, is to configure the browser window to simply not display the URL and Status lines. The problem there is that the pop-up blockers (now becoming common) interfere.

Another, no longer available )-: , would be to exploit the URL hack that MS has just released an IE patch to fix.

A partial solution would be to make POST, not GET, the standard for parameter transmittal. Has anyone tried this? I suspect there are all sorts of hidden gotchas.

Suggestions?

_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )