On 04.02.10 01:42, John Bokma wrote:
"Diez B. Roggisch" <de...@nospam.web.de> writes:

On 03.02.10 19:11, John Bokma wrote:
Alan Harris-Reid <a...@baselinedata.co.uk> writes:

I have a web-page where each row in a grid has edit/delete buttons to
enable the user to maintain a selected record on another page.  The
buttons are in the form of a link with href='/item_edit?id=123', but
this string appears in the URL and gives clues as to how to bypass the
correct sequence of events, and could be risky if they entered the URL
directly (especially when it comes to deleting records).

You should *never* use a GET request to do actions like deleting
records. You already are aware of it being risky, so don't do this. You
should use GET for getting information, and POST for modifying information.

You should *never* say never, because there might be situations where
exceptions from rules are valid. This is one such case. Making this a
post means that you need to resort to javascript to populate & submit
a hidden HTML-form. Just for the sake of a POST.

Make each edit/delete button a submit button and optionally style it.

*slap* Yep, you are right, no JS needed. I should have thought about that.


Also, your claim of it being more risky is simply nonsense. GET is a
tiny bit more prone to tinkering by the average user. But calling this
less risky is promoting security by obscurity, at most.

Maybe you should think about what happens if someone posts:
<img src="http://example.com/item_delete?id=123"> to a popular forum...

And the difference to posting

from urllib2 import urlopen
from urllib import urlencode

# Passing data= turns this into a POST request (Python 2 urllib2)
urlopen("http://example.com/item_delete", data=urlencode([("id", "123")]))

to that same public "hacker" forum is exactly what?

If your webapp happens to allow item_delete to be called without authentication & authorization, then *that's* your problem.

Diez
--
http://mail.python.org/mailman/listinfo/python-list
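As an added example (not code from anyone in this thread), here is a minimal delete handler and the matching submit-button form that put the points above into practice: the delete endpoint refuses GET outright, requires an authenticated session, checks that the item belongs to that user, and, as a standard addition the thread itself does not mention, verifies a per-session CSRF token so that a form auto-submitted from a third-party page fails even when the browser attaches the victim's cookies. The request, session and item store are constructed dicts, not any real framework's API.

```python
import hmac
import html

# Constructed sample data: a few items with owners, and one logged-in session
# whose per-session CSRF token was issued at login.
ITEMS = {
    123: {"owner": "alice", "title": "note"},
    124: {"owner": "bob", "title": "memo"},
}
SESSIONS = {"sess-alice": {"user": "alice", "csrf": "tok-alice"}}


def render_delete_form(item_id, csrf_token):
    """Render the per-row delete control as a POST form with a submit button
    (the styled-submit-button approach suggested in the thread), carrying the
    item id and the session's CSRF token as hidden fields."""
    return (
        '<form method="post" action="/item_delete">'
        '<input type="hidden" name="id" value="%d">'
        '<input type="hidden" name="csrf" value="%s">'
        '<button type="submit">Delete</button>'
        "</form>" % (item_id, html.escape(csrf_token, quote=True))
    )


def handle_item_delete(method, form, cookies):
    """Return (status, body) for a request to /item_delete.

    method  -- HTTP method string
    form    -- dict of submitted form fields
    cookies -- dict of request cookies
    """
    if method != "POST":
        # An <img src=...> or plain link can only produce a GET, which never
        # reaches the deletion code path.
        return 405, "Method Not Allowed"

    # Authentication: the session cookie must map to a logged-in user.
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "Login required"

    # CSRF check: a cross-site form has the cookie but not the token.
    # compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
        return 403, "Bad CSRF token"

    try:
        item_id = int(form.get("id", ""))
    except ValueError:
        return 400, "Bad id"

    item = ITEMS.get(item_id)
    if item is None:
        return 404, "No such item"

    # Authorization: only the owner may delete the record.
    if item["owner"] != session["user"]:
        return 403, "Not your item"

    del ITEMS[item_id]
    return 200, "Deleted %d" % item_id


if __name__ == "__main__":
    print(render_delete_form(123, SESSIONS["sess-alice"]["csrf"]))
    print(handle_item_delete("GET", {"id": "123"}, {}))
    print(handle_item_delete("POST", {"id": "123", "csrf": "tok-alice"},
                             {"session": "sess-alice"}))
```

The ordering of the checks matters: method first, so unauthenticated probing by GET learns nothing about which ids exist; then authentication; then the CSRF token before any database lookup; and the ownership check last, once the record is known. A request that fails any one of them leaves `ITEMS` untouched.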
