Passing parameters in URL
Paul Rubin
no.email at nospam.invalid
Wed Feb 3 13:12:48 EST 2010
Alan Harris-Reid <alan at baselinedata.co.uk> writes:
> As each link contains row-id, I guess there is nothing to stop someone
> from getting the id from the page source-code. Is it safe to use the
> above href method if I test for authorised credentials (user/password
> stored as session variables, perhaps?) before performing the
> edit/delete action?
Well, if it's really ok for them to delete records programmatically even
if it's ok for them to delete through the web site. I'd probably
encrypt the post parameters if this was a concern.
More information about the Python-list
mailing list