[Zope-dev] [RFClet]: What about the request method and the client side trojan?

Lennart Regebro lennart@torped.se
Wed, 10 Apr 2002 18:45:41 +0200


From: "Oliver Bleutgen" <myzope@gmx.net>
> I was thinking more of something like adding the checks individually to
> each method in stock Zope for which it is appropriate.
>
> Brian is of course right in his other mail by stating that this might
> and will break custom products which use the wrong method, but I
> wouldn't call a global s/method='GET'/method='POST'/g ( SCNR ;-) ) a
> code audit. It might also be made customizable via a command line switch
> to z2.py in the beginning, with default to off.

This would be a huge task. My gut feeling is that it is a lot of work for
very little benefit, although I don't really have any arguments to back that
up with.