On Friday, July 17, 2015 at 5:24:44 AM UTC-4, Oliver Berger wrote:
>
> Access Tokens in the query string seem insecure to me since they persist 
> in server log files... 
>

The access token would be fine if it's a nonce (assuming this is some sort 
of OAuth-style access grant).

You could easily handle this in a tween.  I have a similar system that uses 
class-based views and handles this in the init of the base class -- but I 
would do this in a tween in other situations.

If you want to add a custom attribute to the request, `add_request_method` 
is the preferred way.  You could create a method and @reify it to only run 
once, which decodes the data off your query string and then stashes it for 
direct access in the future.

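An added example, not part of the original message or of Pyramid's own code, of the approach suggested in the reply: a request method registered with `add_request_method(..., reify=True)` that decodes a single-use token from the query string. The names `issue_token`, `access_grant`, `SECRET`, the `access_token` parameter, the token layout and the in-memory nonce set are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-process signing key
_USED = set()  # assumption: in-memory nonce store; share it across workers in practice


def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id, ttl=300):
    """Mint a single-use token laid out as user:expiry:nonce:mac."""
    body = f"{user_id}:{int(time.time()) + ttl}:{secrets.token_urlsafe(16)}"
    return f"{body}:{_mac(body)}"


def access_grant(request):
    """Decode ?access_token=... and return the user id, or None if invalid."""
    raw = request.GET.get("access_token")
    if not raw:
        return None
    body, _, mac = raw.rpartition(":")
    # Constant-time comparison of the MAC before trusting any field.
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None
    try:
        user_id, expiry, nonce = body.split(":")
        expiry = int(expiry)
    except ValueError:
        return None
    if expiry < time.time() or nonce in _USED:
        return None  # expired, or replayed (e.g. copied out of a server log)
    _USED.add(nonce)  # consume the nonce: the logged URL is now useless
    return user_id


def includeme(config):
    # reify=True caches the result on the request, so the nonce is consumed
    # once per request and later reads of request.access_grant still work.
    config.add_request_method(access_grant, "access_grant", reify=True)
```
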