[Zope] URLs expose information which we'd like to hide

Dieter Maurer dieter at handshake.de
Wed Feb 4 16:22:25 EST 2004

Dennis Allison wrote at 2004-2-4 08:09 -0800:
> ...
>The parameters passed by GET and, to a lesser extent, the URLs themselves,
>represent a security issue in one of our systems. 

Rethink what you are doing....

> ....
>A partial solution would be to make POST not GET the standard for
>parameter transmital.
> Has anyone tried this?  I suspect there are all
>sorts of hidden gotchas.

"POST" requests should not be cached (as they are expected to
have side effects). Otherwise, there should be no problems.


More information about the Zope mailing list