A client just sent me a web security report for a Mason-based site I built for him a while ago (Mason 1.38). The report, which was generated by HP WebInspect, complains that form scripts on the site are not distinguishing between POST and GET parameters. A summary of the problem is provided, explaining that 'collapsing' POST and GET params into a single collection exposes the site to XSS and other attacks.
I'd like to get list users' thoughts on the degree of vulnerability represented. Is there a best practice way of dealing with this issue?

Thanks,
MM

_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
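The parameter "collapsing" the report describes, shown as an added example that is not part of the original post and is not Mason's own code: the query string and the POST body are parsed separately, fields supplied by both are reported, and the form handler reads only body fields. All function names and the sample request are constructed for illustration; how a component obtains the raw query string and body depends on the deployment and is assumed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode one application/x-www-form-urlencoded string into { name => [values] }.
sub parse_form {
    my ($raw) = @_;
    my %params;
    for my $pair (split /[&;]/, $raw // '') {
        next unless length $pair;
        my ($name, $value) = split /=/, $pair, 2;
        for ($name, $value) {
            $_ //= '';
            tr/+/ /;                               # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # percent-decoding
        }
        push @{ $params{$name} }, $value;
    }
    return \%params;
}

# Keep the two sources apart and list body fields that the URL also supplies.
sub split_sources {
    my ($method, $query_string, $body) = @_;
    my $get  = parse_form($query_string);
    my $post = uc($method) eq 'POST' ? parse_form($body) : {};
    my @shadowed = sort grep { exists $get->{$_} } keys %$post;
    return { get => $get, post => $post, shadowed => \@shadowed };
}

# A form handler that changes state reads fields from the POST body only.
sub post_field {
    my ($req, $name) = @_;
    my $values = $req->{post}{$name} or return undef;
    return $values->[0];
}

# Constructed sample request: the URL carries a field that the form also posts.
my $req = split_sources(
    'POST',
    'email=from-url%40example.test&page=2',
    'email=from-form%40example.test&comment=hello+world',
);

printf "query-string fields: %s\n", join ', ', sort keys %{ $req->{get} };
printf "body fields:         %s\n", join ', ', sort keys %{ $req->{post} };
printf "supplied by both:    %s\n", join(', ', @{ $req->{shadowed} }) || '(none)';
printf "email used by form:  %s\n", post_field($req, 'email') // '(missing)';
printf "page via body:       %s\n", post_field($req, 'page')  // '(missing)';
```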