[Zope] URLs expose information which we'd like to hide

Jamie Heilman jamie at audible.transient.net
Wed Feb 4 15:23:24 EST 2004


Dennis Allison wrote:
> The parameters passed by GET and, to a lesser extent, the URLs themselves,
> represent a security issue in one of our systems. 

What does that mean?  Why do you think its a security issue?
 
> A partial solution would be to make POST not GET the standard for
> parameter transmital.  Has anyone tried this?  I suspect there are all
> sorts of hidden gotchas.

Using POST to send query params instead of GET is trivial.  The only
gotchas are that using very few browsers handle redirecting POST
transactions correctly.  This doesn't have anything to do with
security though.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle
 into a lion's mouth and flicking his lovespuds with a wet towel, pure
 insanity..."                                           -Rimmer



More information about the Zope mailing list