[Zope] URLs expose information which we'd like to hide
Dennis Allison
allison at sumeru.stanford.EDU
Wed Feb 4 11:09:33 EST 2004
The parameters passed by GET and, to a lesser extent, the URLs themselves,
represent a security issue in one of our systems.

One solution, which we tried and have had to back off from, is to configure
the browser window to simply not display the URL and Status lines. The
problem there is that the pop-up blockers (now becoming common) interfere.

Another, no longer available )-: , would be to exploit the URL hack that
MS has just released an IE patch to fix.

A partial solution would be to make POST, not GET, the standard for
parameter transmittal. Has anyone tried this? I suspect there are all
sorts of hidden gotchas.

Suggestions?
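
Added example, not part of the original post and not Zope's own API: a generic WSGI wrapper that refuses designated parameters when they arrive in the query string (where they end up in browser history, server access logs and Referer headers) and a toy handler that reads them from the POST body instead. The parameter names, the handler and the sample requests are assumptions constructed for illustration.

```python
import io
from urllib.parse import parse_qs

# Hypothetical parameter names treated as sensitive (assumption for this example).
SENSITIVE = {"account", "ssn"}

def post_only(app, sensitive=SENSITIVE):
    """WSGI middleware: reject sensitive parameters sent in the URL query string."""
    def wrapper(environ, start_response):
        query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        leaked = sensitive & set(query)
        if leaked:
            # Name the fields but never echo their values back.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            names = ", ".join(sorted(leaked))
            return [b"send these fields in a POST body: " + names.encode()]
        return app(environ, start_response)
    return wrapper

def show_account(environ, start_response):
    """Toy application: reads 'account' from the urlencoded POST body only."""
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    account = form.get("account", [""])[0]
    # no-store keeps the response out of browser and shared caches.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "no-store")])
    return [("account ending " + account[-4:]).encode()]

def call(app, method, path_qs, body=b""):
    """Drive a WSGI app with a constructed request; return (status, body, logged URL)."""
    path, _, query = path_qs.partition("?")
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    out = b"".join(app(environ, start_response))
    # An access log records the request URL (path_qs), not the request body.
    return seen["status"], out, path_qs

app = post_only(show_account)
```

Moving parameters into the body keeps them out of the URL only; without TLS they are still readable on the wire, and the form that submits them must itself use method="post".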