[Zope] URLs expose information which we'd like to hide
Jamie Heilman
jamie at audible.transient.net
Wed Feb 4 15:23:24 EST 2004
Dennis Allison wrote:
> The parameters passed by GET and, to a lesser extent, the URLs themselves,
> represent a security issue in one of our systems.
What does that mean? Why do you think it's a security issue?
> A partial solution would be to make POST not GET the standard for
> parameter transmittal. Has anyone tried this? I suspect there are all
> sorts of hidden gotchas.
Using POST to send query params instead of GET is trivial. The only
gotchas are that very few browsers handle redirecting POST
transactions correctly. This doesn't have anything to do with
security though.
--
Jamie Heilman http://audible.transient.net/~jamie/
"...that's the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity..." -Rimmer