[Zope-dev] [RFClet]: What about the request method and the client side trojan?

Toby Dickenson tdickenson@geminidataloggers.com
Wed, 10 Apr 2002 10:35:35 +0100


On Tue, 9 Apr 2002 13:17:40 -0400, "Brian Lloyd" <brian@zope.com>
wrote:

>> I think zope's management methods (the potentially destructive ones)=20

and 'coonstructive' ones too

>> should not accept REQUESTs with REQUEST_METHOD "GET".

>This is hard, hard, problem. While some good ideas have been=20
>proposed, there is not really a quick fix that doesn't have=20
>some downside that some group somewhere considers a=20
>showstopper :(

I agree Olivers suggestion is not a total solution, but does it have a
showstopper problem?

Toby Dickenson
tdickenson@geminidataloggers.com