[Zope] Arguments in URL
Max M
maxm at mxm.dk
Thu Feb 5 03:43:39 EST 2004
Marcello Parra Martins wrote:
> I dont know if this was discussed here before...
> Anyway.. is there an easy way to protect user from changing the
arguments
> passed in a URL ?
No! You should *never* use the url as security.
You should allways test the input you receive from both a form or a url.
Never trust them.
It is very easy to either use a browser that can be fooled or to write a
programme that can send arbitrary urls.
If you need to trust the input from your url's, you are doing it wrong!
regards Max M
More information about the Zope
mailing list