[ic] disabling GET variables

Grant emailgrant123b at yahoo.com
Fri May 28 18:26:30 EDT 2004

I've been careful to not rely on any GET variables in
my catalog.  Even so, I suppose the "id" variable is
still passed via GET if the user has cookies disabled.
 Is doesn't seem like a numerical "mv_pc" would matter
because it's just an anti-cacher right?  That leaves
the UI which has GETs all over the place.

It seems like a security risk to allow users to modify
variables in the URL via GET.  Should I not be worried
about this, or is there a way to keep that from
happening?  I guess I'm talking about disabling non-UI
GET variables other than "id".  I took a look at
TolerateGet here:


but I don't think it's what I'm after.

- Grant

Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.

More information about the interchange-users mailing list