[mod_python] Questions on _call_ with mp servlets and python

Jim Dabell jim-mod-python at jimdabell.com
Tue Sep 7 21:35:48 EDT 2004


On Friday 03 September 2004 21:26, mike bayer wrote:
> > On Friday 03 September 2004 20:35, David Fraser wrote:
> >
> > If you don't use the query string parameters when you are expecting POST
> > variables, then your users are not susceptible to this form of attack.
>
> sadly, not true:

Well yes, of course JavaScript can do it, but only if you don't follow CERT's 
advice by disabling client-side scripting for untrusted websites.  I was 
making an unstated assumption there - it's still a security measure, but upon 
re-reading my post, I agree it's not as important as I made it sound.


-- 
Jim Dabell


