[Zope] Arguments in URL

Max M maxm at mxm.dk
Thu Feb 5 03:43:39 EST 2004

Marcello Parra Martins wrote:

 > I dont know if this was discussed here before...
 > Anyway..  is there an easy way to protect user from changing the 
 > passed in a URL ?

No! You should *never* use the url as security.

You should allways test the input you receive from both a form or a url. 
Never trust them.

It is very easy to either use a browser that can be fooled or to write a 
programme that can send arbitrary urls.

If you need to trust the input from your url's, you are doing it wrong!

regards Max M

More information about the Zope mailing list