Musachy Barroso wrote:
If there was a way of doing that, wouldn't it defeat the protection?
Probably, but I was hoping someone might suggest a way that it didn't.
Another thing, does the HDIV plugin have this already?
Not really--it doesn't prevent the request from being made or acted upon, just might make it harder for an attacker to figure out what values to pass to get the desired result. HDIV only really seems to help by masking primary key information in URLs -- and I've been careful to (just about) never have clients reflect PKs back to me so that I don't have to trust them.
-Dale --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
