[Zope-dev] [RFClet]: What about the request method and the client side trojan?
Florent Guillaume
fg@nuxeo.com
Fri, 12 Apr 2002 13:10:33 +0000 (UTC)
Oliver Bleutgen <myzope@gmx.net> wrote:
> The issue of client side trojan recently came to my mind again.
>[..]
> I think Zope's management methods (the potentially destructive ones)
> should not accept REQUESTs with REQUEST_METHOD "GET".
I like the idea of trying to secure that kind of thing a lot.
Unfortunately, considering how trivial it is for JavaScript code to do a
POST programmatically, I don't see how that proposal would actually
help.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com