[ic] disabling GET variables
Grant
emailgrant123b at yahoo.com
Fri May 28 18:26:30 EDT 2004
I've been careful to not rely on any GET variables in
my catalog. Even so, I suppose the "id" variable is
still passed via GET if the user has cookies disabled.
Is doesn't seem like a numerical "mv_pc" would matter
because it's just an anti-cacher right? That leaves
the UI which has GETs all over the place.
It seems like a security risk to allow users to modify
variables in the URL via GET. Should I not be worried
about this, or is there a way to keep that from
happening? I guess I'm talking about disabling non-UI
GET variables other than "id". I took a look at
TolerateGet here:
http://www.icdevgroup.org/i/dev/docfly.html?mv_arg=icconfig04%2e54
but I don't think it's what I'm after.
- Grant
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
More information about the interchange-users
mailing list