Dieter, can you elaborate on this a bit? Passing parameters with the URL (for example, http://foo.goo.com?p1=v1&p2=v2) seems to be locked in pretty deeply in the Zope paradigm. What would be your suggestion?
On Wed, 4 Feb 2004, Dieter Maurer wrote:
Dennis Allison wrote at 2004-2-4 08:09 -0800:
... The parameters passed by GET and, to a lesser extent, the URLs themselves, represent a security issue in one of our systems.
Rethink what you are doing....
.... A partial solution would be to make POST not GET the standard for parameter transmittal. Has anyone tried this? I suspect there are all sorts of hidden gotchas.
"POST" requests should not be cached (as they are expected to have side effects). Otherwise, there should be no problems.
-- Dieter