Oliver Bleutgen  <[EMAIL PROTECTED]> wrote:
> The issue of client side trojan recently came to my mind again.
> I think zope's management methods (the potentially destructive ones)
> should not accept REQUESTs with REQUEST_METHOD "GET".

I like the idea of trying to secure that kind of things a lot.

Unfortunately, considering how trivial it is for Javascript code to do a
POST programmatically, I don't see how that proposal would actually


Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:[EMAIL PROTECTED]

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to