[Seaside] URL parameters and seaside's security
kamk at volny.cz
Wed Aug 4 17:27:35 CEST 2004
I'm thinking about security issue of Seaside. If block which didn't
register a callback for it cannot be executed, it makes it pretty secure
from attacks such as playing with GET/POST arguments. Of course, there
must be care given to values being passed into an application.
Btw, when I look to numbers that distinguish links (and input elements
and buttons - don't know how do you call them) I see they appear in
anchor's HREF in various order. Sometimes the number appears before
"_s=...&_k=...", sometimes after and sometimes in the middle. Why is that?
More information about the Seaside