Bruno Desthuilliers <[email protected]> writes:

>> The buttons are in the form of a link with href='/item_edit?id=123',
>
> ...At least use "POST" requests for anything that Create/Update/Delete
> resources.
There's also the issue that a user can change "123" to "125" and possibly mess with someone else's resource, unless you use some server-side authentication. Or just seeing how often the numbers change could reveal patterns about what other users are doing. I always think it's best to encrypt anything sensitive like that, to avoid leaking any info.
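As an added illustration of the two points raised in this thread (not code from either poster), here is a small hypothetical `/item_edit` handler that accepts state changes only over POST, takes the user's identity from the server-side session rather than the URL, and checks ownership before touching the item. Instead of encrypting the sequential id, it uses a random opaque handle per item, which hides the counter in the same way; the data store, the `Request` class, and the handle mapping are all constructed for the example.

```python
import secrets
from dataclasses import dataclass
from http import HTTPStatus
from typing import Optional, Tuple

# Constructed in-memory "database": internal item id -> owner.
ITEMS = {123: "alice", 125: "bob"}

# Opaque, unguessable public handle for each item, generated server-side so the
# URL never exposes the sequential internal id. (Constructed mapping; a real app
# would store the handle alongside the item row.)
PUBLIC_IDS = {item_id: secrets.token_urlsafe(16) for item_id in ITEMS}
INTERNAL_IDS = {handle: item_id for item_id, handle in PUBLIC_IDS.items()}


@dataclass
class Request:
    method: str             # HTTP method
    user: Optional[str]     # user from the server-side session, None if anonymous
    handle: str             # public item handle taken from the URL (untrusted)


def edit_item(req: Request) -> Tuple[int, str]:
    """Hypothetical /item_edit handler returning (HTTP status, message)."""
    # 1. State-changing actions only via POST, so a plain link or an <img>
    #    tag cannot trigger them (Bruno's point above).
    if req.method != "POST":
        return HTTPStatus.METHOD_NOT_ALLOWED, "use POST"
    # 2. Identity comes from the session, never from anything in the URL.
    if req.user is None:
        return HTTPStatus.UNAUTHORIZED, "login required"
    # 3. Resolve the opaque handle and check ownership. Answer "unknown" and
    #    "not yours" identically so the response does not confirm which
    #    handles exist or belong to other users.
    item_id = INTERNAL_IDS.get(req.handle)
    if item_id is None or ITEMS[item_id] != req.user:
        return HTTPStatus.NOT_FOUND, "no such item"
    return HTTPStatus.OK, "item %d updated by %s" % (item_id, req.user)


if __name__ == "__main__":
    alice_handle = PUBLIC_IDS[123]
    print(edit_item(Request("POST", "alice", alice_handle)))  # 200: owner edits
    print(edit_item(Request("POST", "bob", alice_handle)))    # 404: not bob's item
    print(edit_item(Request("GET", "alice", alice_handle)))   # 405: link-triggered
    print(edit_item(Request("POST", "alice", "123")))         # 404: raw id is meaningless
```

The ownership check is the part that actually stops one user editing another's item; the opaque handle only removes the information leak from guessable, sequential numbers, and is not a substitute for the check.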
