[pLog-svn] Re: AdminLoginAction
Jesse Peterson
jesse.peterson at exbiblio.com
Wed Mar 22 15:57:39 GMT 2006
On Mar 22, 2006, at 5:40 AM, plog-svn-request at devel.lifetype.net wrote:
> I think Oscar's point is that it doesn't matter for LifeType in terms of
> security and functionality if the vars are POSTed or GETed.
> The application logic has to validate user input no matter where it's from.
>
> Not making a difference between post and get on the application level may
> as well be seen as a "feature". For example you may change the post action
> in the search form of most of the templates to a get action and get a more
> user-friendly and bookmarkable search result page...
It could feasibly make debugging more involved, which was the reason
why I brought it up. Exactly the case you're saying - one thing
exists in the URL and another in the form - knowing the precedence
might help in some situation where the correct action (no pun
intended) isn't being taken.
Cheers,
- Jesse
--
Jesse Peterson <jesse.peterson at exbiblio.com>
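The precedence question raised in this message, as an added example that is not part of the original post and is not LifeType code: a merge of GET and POST parameters with an explicit, documented order that also logs every key sent in both places with different values. The helper name `mergeRequest()`, the parameter names and the sample values are assumptions made for illustration; in stock PHP the equivalent ordering of `$_REQUEST` is set by the `request_order` ini directive.

```php
<?php
/**
 * Merge query-string and form-body parameters with an explicit precedence
 * and report each key that arrived in both with different values.
 * Hypothetical helper for illustration only.
 *
 * @param array  $get   query-string parameters (normally $_GET)
 * @param array  $post  form-body parameters (normally $_POST)
 * @param string $order "GP" = POST overrides GET, "PG" = GET overrides POST
 * @return array [merged parameters, list of conflicts]
 */
function mergeRequest(array $get, array $post, string $order = 'GP'): array
{
    if ($order !== 'GP' && $order !== 'PG') {
        throw new InvalidArgumentException("order must be 'GP' or 'PG'");
    }

    $conflicts = [];
    // Keys present in both sources; values taken from the GET side.
    foreach (array_intersect_key($get, $post) as $key => $getValue) {
        if ($getValue !== $post[$key]) {
            $conflicts[] = [
                'key'  => $key,
                'get'  => $getValue,
                'post' => $post[$key],
                'used' => $order === 'GP' ? 'post' : 'get',
            ];
        }
    }

    // Array union keeps the left operand's value for duplicate keys.
    $merged = $order === 'GP' ? $post + $get : $get + $post;

    return [$merged, $conflicts];
}

// Constructed sample: a form posted to a URL that already carries "op".
$get  = ['op' => 'Login', 'blogId' => '1'];
$post = ['op' => 'Logout', 'userName' => 'demo'];

[$params, $conflicts] = mergeRequest($get, $post, 'GP');
foreach ($conflicts as $c) {
    error_log(sprintf(
        "parameter '%s' sent twice: GET=%s POST=%s, using %s",
        $c['key'], var_export($c['get'], true), var_export($c['post'], true), $c['used']
    ));
}
echo $params['op'], PHP_EOL; // value actually acted on under "GP"
```

Validation still has to run on the merged value whichever source wins; the log line only makes the silent override visible when tracing why an unexpected action was taken.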