[Seaside] URL parameters and seaside's security

Kamil Kukura kamk at volny.cz
Wed Aug 4 17:27:35 CEST 2004

I'm thinking about security issue of Seaside. If block which didn't 
register a callback for it cannot be executed, it makes it pretty secure 
from attacks such as playing with GET/POST arguments. Of course, there 
must be care given to values being passed into an application.

Btw, when I look to numbers that distinguish links (and input elements 
and buttons - don't know how do you call them) I see they appear in 
anchor's HREF in various order. Sometimes the number appears before 
"_s=...&_k=...", sometimes after and sometimes in the middle. Why is that?


More information about the Seaside mailing list