On Tue, 2011-08-30 at 14:32 -0500, Michael Merickel wrote: > I don't see this as an issue because if you're deploying with the > debugtoolbar enabled you should be shot. Regardless adding the token > to the url doesn't sound like a big deal. I guess we'll just have to > think about it.
It doesn't matter whether you deploy or not with it; it's independent of that. If you have it running at all, and you visit a web page from your development system, you're vulnerable. - C > > > -- > > Michael > > > -- > You received this message because you are subscribed to the Google > Groups "pylons-discuss" group. > To post to this group, send email to pylons-discuss@googlegroups.com. > To unsubscribe from this group, send email to pylons-discuss > +unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.