Paul Rubin wrote:
> Bruno Desthuilliers <bruno.42.desthuilli...@websiteburo.invalid> writes:
>> The buttons are in the form of a link with href='/item_edit?id=123',
>> ...At least use "POST" requests for anything that creates, updates or
>> deletes resources.
>
> There's also the issue that a user can change "123" to "125" and
> possibly mess with someone else's resource, unless you use some server
> side authentication.

What I said IIRC.

> Or just seeing how often the numbers change could reveal patterns about
> what other users are doing. I always think it's best to encrypt anything
> sensitive like that, to avoid leaking any info.

Depends on how "sensitive" it really is.
--
http://mail.python.org/mailman/listinfo/python-list
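A server-side version of the checks discussed in this thread, added here as an example and not code from either poster: it refuses the edit over GET, resolves the item from an opaque per-item handle instead of the raw numeric id (a random handle rather than the encryption Paul suggests), and verifies ownership before touching the record. The in-memory store, user names and handler signature are constructed for the example.

```python
import secrets

# Constructed in-memory store: numeric row id -> item record.
# Each item also carries an opaque, unguessable public handle so the
# sequential row id never appears in a URL; that removes both the
# "change 123 to 125" probing and the activity-rate leak from the thread.
ITEMS = {
    123: {"owner": "alice", "title": "alice's draft", "handle": secrets.token_urlsafe(16)},
    125: {"owner": "bob",   "title": "bob's draft",   "handle": secrets.token_urlsafe(16)},
}
HANDLE_INDEX = {rec["handle"]: row_id for row_id, rec in ITEMS.items()}


def public_handle(row_id):
    """The value the server puts in the edit link instead of the row id."""
    return ITEMS[row_id]["handle"]


def handle_item_edit(method, params, current_user):
    """Hypothetical handler for /item_edit; returns (status, body).

    Check order: reject state changes over GET, require a logged-in user,
    then resolve the handle and confirm the caller owns the item. An unknown
    handle and someone else's item both get the same 404, so the endpoint
    does not confirm which handles exist.
    """
    if method != "POST":
        return 405, "use POST for create/update/delete"
    if current_user is None:
        return 401, "login required"
    row_id = HANDLE_INDEX.get(params.get("id", ""))
    if row_id is None or ITEMS[row_id]["owner"] != current_user:
        return 404, "not found"
    # Only now is the caller allowed to change the record.
    ITEMS[row_id]["title"] = params.get("title", ITEMS[row_id]["title"])
    return 200, "updated"
```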