[Zope] URLs expose information which we'd like to hide

Dieter Maurer dieter at handshake.de
Wed Feb 4 16:22:25 EST 2004


Dennis Allison wrote at 2004-2-4 08:09 -0800:
> ...
>The parameters passed by GET and, to a lesser extent, the URLs themselves,
>represent a security issue in one of our systems. 

Rethink what you are doing....

> ....
>A partial solution would be to make POST not GET the standard for
>parameter transmital.
> Has anyone tried this?  I suspect there are all
>sorts of hidden gotchas.

"POST" requests should not be cached (as they are expected to
have side effects). Otherwise, there should be no problems.

-- 
Dieter



More information about the Zope mailing list