> how do you secure that one cannot bypass the post-form by url-manipulation?
====
You cannot really do that; they can do whatever they want in the
request.

One thing that you have to do is to enforce a session upon the users
that get to the search form, by requesting login for instance.
To identify if a request is a second search or pagination, just save
the array of filters in the session and compare it when going to the
second request; in the case of pagination all the filters will be the
same except page.

The thing is that there are so many ways to generate a DoS for a
website that protecting only the search result does not make too much
sense to me. They could be requesting an image from your site over and
over again without touching the search result.
So basically you will protect your search result somehow without
protecting from other DoS methods.

    gabriel

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com
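
The session comparison described in this reply, sketched in plain PHP as an added example (not code from the post or from symfony). The function names, the `search_filters` session key and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. The session is passed in as a plain array, for
// example $_SESSION after session_start() for a logged-in user.

/** Canonical form of the filters: drop 'page', trim strings, sort by key. */
function normalizeFilters(array $query): array
{
    unset($query['page']);
    foreach ($query as $key => $value) {
        if (is_string($value)) {
            $query[$key] = trim($value);
        }
    }
    ksort($query); // parameter order in the URL must not matter
    return $query;
}

/**
 * Returns 'pagination' when every filter except 'page' equals the filters
 * saved by the previous request, otherwise 'new_search'. A new search
 * overwrites the saved filters so that later pages compare against it.
 */
function classifySearchRequest(array &$session, array $query): string
{
    $current = normalizeFilters($query);
    $previous = $session['search_filters'] ?? null; // assumed session key

    if (is_array($previous) && $previous === $current) {
        return 'pagination';
    }
    $session['search_filters'] = $current;
    return 'new_search';
}

// Constructed sample requests against an in-memory session array.
$session = [];
$requests = [
    ['q' => 'symfony', 'category' => 'docs'],                // first search
    ['category' => 'docs', 'q' => 'symfony', 'page' => '2'], // same filters, page 2
    ['q' => 'symfony', 'category' => 'blog', 'page' => '2'], // filter changed via URL
];
foreach ($requests as $query) {
    echo classifySearchRequest($session, $query), "\n";
}
```

The third request shows the URL-manipulation case: a changed filter with a `page` parameter attached is still classified as a new search, because only `page` is excluded from the comparison.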
