Passing parameters in URL
Bruno Desthuilliers
bruno.42.desthuilliers at websiteburo.invalid
Thu Feb 4 05:52:12 EST 2010
Paul Rubin wrote:
> Bruno Desthuilliers <bruno.42.desthuilliers at websiteburo.invalid> writes:
>>> The buttons are in the form of a link with href='/item_edit?id=123',
>> ...At least use "POST" requests for anything that Create/Update/Delete
>> resources.
>
> There's also the issue that a user can change "123" to "125" and
> possibly mess with someone else's resource, unless you use some server
> side authentication.
What I said IIRC.
> Or just seeing how often the numbers change could
> reveal patterns about what other users are doing. I always think it's
> best to encrypt anything sensitive like that, to avoid leaking any info.
Depends on how "sensitive" it really is.
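
The points raised in this thread (POST for state changes, a server-side ownership check, identifiers that leak no pattern), as an added example that is not part of the original message. The handler name `item_edit`, the in-memory `ITEMS` store and the user names are assumptions made for illustration, and random keys are used here in place of the encryption suggested in the quoted text.

```python
import secrets

# Constructed in-memory store: public item key -> record. Keys are random
# tokens rather than sequential integers, so they reveal nothing about
# how many items exist or how fast they are created.
ITEMS = {}

def create_item(owner, title):
    """Create an item owned by `owner` and return its unguessable key."""
    key = secrets.token_urlsafe(16)
    ITEMS[key] = {"owner": owner, "title": title}
    return key

def item_edit(method, session_user, key, new_title):
    """Hypothetical handler for /item_edit; returns (status, body)."""
    # State-changing requests must not be reachable through a plain link (GET).
    if method != "POST":
        return 405, "Method Not Allowed"
    # The identity comes from the server-side session, never from the URL.
    if session_user is None:
        return 401, "Login required"
    item = ITEMS.get(key)
    # Same answer for "no such item" and "not yours", so the response
    # does not confirm that another user's item exists.
    if item is None or item["owner"] != session_user:
        return 404, "Not Found"
    item["title"] = new_title
    return 200, "Updated"

def demo():
    """Constructed scenario: alice and bob each own one item."""
    ITEMS.clear()
    a = create_item("alice", "alice's item")
    b = create_item("bob", "bob's item")
    results = [
        item_edit("GET", "alice", a, "x"),     # edit attempted through a link
        item_edit("POST", None, a, "x"),       # no authenticated session
        item_edit("POST", "alice", b, "x"),    # key belongs to another user
        item_edit("POST", "alice", a, "new"),  # owner edits own item
    ]
    return results, ITEMS[a]["title"], ITEMS[b]["title"]

if __name__ == "__main__":
    print(demo())
```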