Every URL an app-engine app handles is public since it appears in the URL bar in the browser. So even if it begins with _ or is strangely spelled a user could use the back button or history and directly edit a URL, then submit it and likely cause an error unless everything is validated.
Is it good practice to validate every piece of data coming in to a URL handler by GET or POST and not assume anything? Or accept a small number of errors when people do stupid things. I can certainly validate everything but it obscures the code. Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
