[mod_python] Questions on _call_ with mp servlets and python

Daniel Popowich dpopowich at comcast.net
Fri Sep 3 18:38:30 EDT 2004

> This is security by obscurity. I would think making sure the values 
> passed into a function are safe is more important. The danger of 
> security by obscurity is it misleads you into not doing this kind of 
> checking...

I fear I was not clear.  I should never have used the word "secure."

It should be understood that there is no difference, security-wise,
between POST and GET.  One is no more secure than the other.  Every
request, regardless of POST or GET should be validated before

My decision that mpservlets should not process "_call_" methods for
the GET method was simply to obscure python code.  I did not want
users of a browser to something like this in their url:


IMHO, this is just begging for attention.

Anyway, I can see that some developers will want something like that
and so I will add allowing it by setting an attribute to True.

I'm keeping a list of feature requests and will be getting another
release out this fall.

Daniel Popowich

More information about the Mod_python mailing list