-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Malthe Borch wrote: > 2009/5/12 Tres Seaver <tsea...@palladion.com>: >> The server side wouldn't know that: the presence of such a field in the >> request is completely independent of any form (e.g., cookies passed long >> after logging in). > > I understand the issue, but shouldn't the remedy be to avoid ever > displaying request data in a public view?
That would make a lot of applictaions pretty....pointless. ;) - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKCY/r+gerLs4ltQ4RAtgNAJ4ggfnh/n9xij0xZ/RqlDYKvJkMJQCgkzg5 wnip5cm5yXHGZQtBwSyUQvc= =x5Km -----END PGP SIGNATURE----- _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev