CGI: POST and GET

empty printf_nemesis at hotmail.com
Mon Feb 10 05:00:47 EST 2003


William <wilk-spamout at flibuste.net> wrote in message news:<873cmxx29p.fsf at flibuste.net>...
> printf_nemesis at hotmail.com (empty) writes:
> 
> > Is it possible to retrieve specifically POST or GET method information?
> > Does cgi.FieldStorage() have a method for that? And if it's not
> > possible, that's a big security issue; any other form of security?
> 
> I think if you change the argument of FieldStorage, you can skip GET or
> POST.
> But why do you say it's a security issue?
> 

Because it allows crackers to pass data that was not intended to be
able other than through form ones, which might allow variables which
may be ill-defined to make the script do unfriendly things. It's more of
an issue in PHP because of SuperGlobals, though.
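
Added example (not part of the original post or of the Python standard library): a CGI script can tell the two sources apart by reading REQUEST_METHOD and parsing QUERY_STRING and the request body separately, rather than taking one merged view of all fields. The helper names, the body size cap and the sample request are assumptions made for this illustration, and it uses urllib.parse instead of cgi.FieldStorage.

```python
import io
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed cap on how much of the body is read

def split_params(environ, stdin):
    """Parse URL query and POST body separately: (method, query, body)."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    body = {}
    ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0  # malformed header: treat as an empty body
        raw = stdin.read(max(0, min(length, MAX_BODY)))
        body = parse_qs(raw.decode("utf-8", "replace"), keep_blank_values=True)
    return method, query, body

def post_field(environ, stdin, name):
    """Return the first value of `name` only if it came in a POST body."""
    _method, _query, body = split_params(environ, stdin)
    values = body.get(name)
    return values[0] if values else None

# Constructed sample: a POST whose URL also carries a parameter the form
# never sends. A merged view of all fields would expose `admin`.
SAMPLE_ENV = {
    "REQUEST_METHOD": "POST",
    "QUERY_STRING": "admin=1",
    "CONTENT_TYPE": "application/x-www-form-urlencoded",
    "CONTENT_LENGTH": "10",
}
SAMPLE_BODY = b"user=alice"

if __name__ == "__main__":
    # A real CGI script would pass os.environ and sys.stdin.buffer.
    print(split_params(SAMPLE_ENV, io.BytesIO(SAMPLE_BODY)))
    print(post_field(SAMPLE_ENV, io.BytesIO(SAMPLE_BODY), "admin"))
```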



