[Zope] URLs expose information which we'd like to hide
dieter at handshake.de
Wed Feb 4 16:22:25 EST 2004
Dennis Allison wrote at 2004-2-4 08:09 -0800:
>The parameters passed by GET and, to a lesser extent, the URLs themselves,
>represent a security issue in one of our systems.
Rethink what you are doing....
>A partial solution would be to make POST not GET the standard for
> Has anyone tried this? I suspect there are all
>sorts of hidden gotchas.
"POST" requests should not be cached (as they are expected to
have side effects). Otherwise, there should be no problems.
More information about the Zope