> how do you secure, that one cannot bypass the post-form, by url-manipulation?

You can not really do that, they can do whatever they want in the request.
One thing that you have to do is to enforce a session upon the users that get to the search form, by requesting login for instance. To identify whether a request is a second search or pagination, just save the array of filters in the session and compare it when handling the second request; in the case of pagination all the filters will be the same except page.

The thing is that there are so many ways to generate a DoS for a website that protecting only the search result does not make too much sense to me. They could be requesting an image from your site over and over again without touching the search result. So basically you will protect your search result somehow without protecting from other DoS methods.

gabriel
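
The session comparison described in the reply above, as an added example that is not part of the original message or of symfony's code. It is plain PHP; the function names, the `search_filters` and `user_id` session keys, and the sample requests are assumptions made for illustration, and filters are assumed to be flat string values.

```php
<?php
// Added example: all names here are hypothetical, not symfony APIs.

// Reduce request parameters to a comparable filter set.
function normalizeFilters(array $params): array
{
    unset($params['page']); // the page number is the only field pagination may change
    ksort($params);         // key order must not affect the comparison
    return $params;
}

// Decide how to treat a request to the search action.
function classifySearchRequest(array &$session, string $method, array $params): string
{
    if (empty($session['user_id'])) {
        return 'login_required'; // a session is enforced before any search
    }
    $filters = normalizeFilters($params);
    if ($method === 'POST') {
        // A fresh search submitted through the form: remember its filters.
        $session['search_filters'] = $filters;
        return 'new_search';
    }
    // GET is only accepted as pagination of the search stored in the session:
    // every filter must match, only 'page' may differ.
    if (isset($session['search_filters']) && $session['search_filters'] === $filters) {
        return 'pagination';
    }
    return 'rejected'; // filters changed through the URL without going through the form
}

// Constructed sample requests for one logged-in session.
$session = ['user_id' => 42];
$steps = [
    ['POST', ['q' => 'symfony', 'category' => 'books']],
    ['GET',  ['category' => 'books', 'q' => 'symfony', 'page' => '2']],
    ['GET',  ['q' => 'other', 'category' => 'books', 'page' => '1']],
];
foreach ($steps as [$method, $params]) {
    echo $method, ' ', http_build_query($params), ' => ',
        classifySearchRequest($session, $method, $params), PHP_EOL;
}
```

This only tells a paginated view of a submitted search apart from a URL-edited one; a client can still send the POST itself, so rate limiting the search action per session remains a separate control.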