Brian Lloyd wrote:

>> [proposal of disallowing GETs for management methods]
>> The win would be that disabling javascript would make a client safe from
>> this form of attack, AFAIK, OTOH I can't think of anything which would
>> break ATM.
>
> While I don't necessarily disagree about making GETs idempotent,
> this still doesn't make you "safe", even with JS turned off.

Ahh, idempotent, that word escaped me ;-).

> A quick example: images can be used as form submit buttons. If
> I can get you to visit a page and click on my innocent looking
> image... you're done :)

Ok, I wasn't clear enough. What I proposed would at least give the browser
implementors a chance to remedy the problem (e.g. ask before form submission
etc.). Compare your scenario to that where one just needs to write

<img href="http://victimserver/evilmethod">

> This is a hard, hard problem. While some good ideas have been
> proposed, there is not really a quick fix that doesn't have
> some downside that some group somewhere considers a
> showstopper :(

I consider what I wrote really not the most sophisticated idea around, more
something in the line of disabling unneeded servers on a unix machine. But I
also don't see how it could be a showstopper for any scenario. No pain
(barring modification of methods, which could be done step by step), some
gain ... sounds good to me.

cheers,
oliver

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
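The proposal in this thread (management methods reachable only by POST) and Brian's counterexample, as an added worked example in Python. This is not code from the thread or from Zope: the dispatcher, the `Folder` object, `manage_delete`, `Request` and `MANAGEMENT_METHODS` are hypothetical stand-ins, and the two requests are constructed here to mirror the two vectors discussed, the browser fetching an image's URL (always a GET) and a click on an image-type form submit button (a POST).

```python
"""
Added example, not from the Zope-Dev thread or from Zope itself.
A toy request dispatcher that refuses GET for non-idempotent
"management" methods, plus two constructed requests showing what that
rule does and does not stop. All names here are hypothetical.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str                 # HTTP method as the browser sends it
    path: str                   # e.g. "/folder/manage_delete"
    form: dict = field(default_factory=dict)   # already-parsed parameters


class Folder:
    """Hypothetical published object: one safe view, one destructive method."""

    def __init__(self):
        self.items = {"a": 1, "b": 2}

    def index_html(self):
        # Read-only view; GET is fine here.
        return "items: " + ", ".join(sorted(self.items))

    def manage_delete(self, ids):
        # State-changing method; the thread proposes this must not answer GET.
        for i in ids:
            self.items.pop(i, None)
        return "deleted"


# Names of methods that change state. The dispatcher answers 405 for any
# method other than POST before such a method is ever called.
MANAGEMENT_METHODS = {"manage_delete"}


def dispatch(obj, req):
    """Resolve the last path segment to a method on obj and call it."""
    name = req.path.rsplit("/", 1)[-1]
    fn = getattr(obj, name, None)
    if fn is None or name.startswith("_"):
        return 404, "not found"
    if name in MANAGEMENT_METHODS:
        if req.method != "POST":
            # The proposed rule: management methods are not idempotent,
            # so a GET (image fetch, link, redirect) is refused outright.
            return 405, "method not allowed"
        return 200, fn(req.form.get("ids", []))
    return 200, fn()


# Vector 1 from the thread: an image tag on an attacker's page whose URL
# is http://victimserver/folder/manage_delete?ids=a. Browsers fetch image
# URLs with GET, so the rule above stops it, JavaScript or not.
def img_tag_request():
    return Request("GET", "/folder/manage_delete", {"ids": ["a"]})


# Vector 2 (Brian's counterexample): an image used as a form submit button,
#   <form method="POST" action="http://victimserver/folder/manage_delete">
#     <input type="hidden" name="ids" value="a">
#     <input type="image" src="innocent.png">
#   </form>
# One click on the picture produces a POST, which the GET ban lets through.
def image_button_request():
    return Request("POST", "/folder/manage_delete", {"ids": ["a"]})


def demo():
    """Run both vectors plus an ordinary view against a fresh Folder."""
    f = Folder()
    view = dispatch(f, Request("GET", "/folder/index_html"))
    r1 = dispatch(f, img_tag_request())       # expected (405, ...), nothing deleted
    r2 = dispatch(f, image_button_request())  # expected (200, "deleted"), "a" gone
    return view, r1, r2, sorted(f.items)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The result is the point both sides of the thread are making: the GET ban costs nothing for ordinary views, blocks the bare image-tag vector entirely, and still leaves the image-button POST working. Stopping that second case needs something in the request that the attacker's page cannot supply, such as a per-session secret the server checks on every management POST, which goes beyond what the thread proposes.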
