Oliver Bleutgen <[EMAIL PROTECTED]> wrote: > The issue of client side trojan recently came to my mind again. >[..] > I think zope's management methods (the potentially destructive ones) > should not accept REQUESTs with REQUEST_METHOD "GET".
I like the idea of trying to secure that kind of things a lot. Unfortunately, considering how trivial it is for Javascript code to do a POST programmatically, I don't see how that proposal would actually help. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:[EMAIL PROTECTED] _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )