CGI: POST and GET

sik0fewl xxdigitalhellxx at hotmail.com
Mon Feb 10 14:46:03 EST 2003


empty wrote:
> William <wilk-spamout at flibuste.net> wrote in message news:<873cmxx29p.fsf at flibuste.net>...
> 
>>printf_nemesis at hotmail.com (empty) writes:
>>
>>
>>>Is it possible to retrieve specifically POST or GET method information
>>>? Does cgi.FieldStorage() have a method for that ? And if it's not
>>>possible, that's a big security issue, any other form of security ?
>>
>>I think if you change the argument of FieldStorage, you can skip GET or
>>POST.
>>But why do you say it's a security issue ?
>>
> 
> 
> Because, it allows crackers to pass data that was not intended to be
> able other than through form ones, which might allow variables which
> may be ill-defined to make the script do unfriendly things, it's more of
> an issue in PHP because of SuperGlobals though..

I wouldn't rely on POST any more than GET; POST requests can still be 
faked by anyone who is seriously trying to hack into your server.

--

Ryan
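
An added example, not part of the original thread: one way a CGI script can keep query-string (GET) and body (POST) parameters apart, and still validate every POST value, since the request method alone proves nothing about where the data came from. The field names, patterns and the helper names `split_params` and `validate_form` are hypothetical, and the sample requests in the comments are constructed.

```python
import re
from urllib.parse import parse_qs

# Hypothetical form schema: field name -> pattern the whole value must match.
ALLOWED_FIELDS = {
    "user": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "qty": re.compile(r"[0-9]{1,4}"),
}

def split_params(environ, body=b""):
    """Parse GET and POST parameters separately from a CGI environment."""
    get_params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    post_params = {}
    ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
    if (environ.get("REQUEST_METHOD") == "POST"
            and ctype == "application/x-www-form-urlencoded"):
        post_params = parse_qs(body.decode("utf-8", "replace"),
                               keep_blank_values=True)
    return get_params, post_params

def validate_form(environ, body=b""):
    """Accept only POST body fields, and validate each one regardless."""
    if environ.get("REQUEST_METHOD") != "POST":
        return None, ["method not allowed"]
    _, post = split_params(environ, body)  # query string is ignored on purpose
    errors, clean = [], {}
    for name, values in post.items():
        if name not in ALLOWED_FIELDS:
            errors.append("unexpected field: " + name)   # e.g. a forged admin=1
        elif len(values) != 1:
            errors.append("repeated field: " + name)
        elif not ALLOWED_FIELDS[name].fullmatch(values[0]):
            errors.append("bad value for: " + name)
        else:
            clean[name] = values[0]
    for name in ALLOWED_FIELDS:
        if name not in post:
            errors.append("missing field: " + name)
    return (clean if not errors else None), errors
```

In a real CGI script `environ` would be `os.environ` and `body` the `CONTENT_LENGTH` bytes read from `sys.stdin.buffer`.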





More information about the Python-list mailing list