HTML/Middle-click/Security question...

Madison Kelly linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Wed Mar 14 02:44:06 UTC 2007


Mike, Brandon, Zbigniew and Fraser,

   Thanks very kindly for all your detailed replies!

   So knowing now that GET/POST isn't any more secure I'll have to 
rethink how I handle security. I am happy to say that one piece of 
advice you guys gave me, validating CGI variables, I am already doing. 
:) Maybe I am getting too paranoid about this issue then?

   It is good to know that POSTs aren't cached; so I will probably 
stick to using forms for back end pages and allow GETs for front end 
pages.

   Specifically with regards to the search engine, I will change the 
results to only point to public pages using normal 
'http://foo.com/cgi-bin/script.cgi?var1=foo&var2=bar'. If the user is 
logged in (and has privs), I'll show an "Edit" button which can use a 
form to call the admin page.

   So again, thank you all kindly! You've helped me understand security 
a wee bit better. Also, I've bookmarked the OWASP site. :)

Madi
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
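The two points the thread settles on, that the request method is not a security boundary and that CGI variables must be validated before use, can be shown in a small request handler. The following is an added example written for this page, not code from the list or from Madi's site; it is in Python rather than whatever language script.cgi is written in, and the page names, parameter patterns and the "editor" privilege are constructed for the illustration. The admin page is refused to anyone without the privilege no matter how the parameters arrive, and is additionally reached only through a form POST so that a plain link cannot trigger an edit.

```python
import re
from urllib.parse import parse_qs

# Allowlist of parameters each page accepts and the pattern each value must
# match.  Page names and patterns are constructed for this example.
PARAM_RULES = {
    "search": {"q": re.compile(r"[\w \-]{1,64}")},
    "view":   {"id": re.compile(r"\d{1,9}")},
    "edit":   {"id": re.compile(r"\d{1,9}"), "title": re.compile(r"[\w \-.,]{1,120}")},
}

# Pages that require a logged-in session holding the (constructed) editor privilege.
ADMIN_PAGES = {"edit"}


def validate_params(page, raw_params):
    """Return a dict of validated parameters, or raise ValueError.

    Unknown parameters are rejected rather than ignored, repeated parameters
    are rejected because no page expects a list, and every expected
    parameter must be present and match its pattern in full.
    """
    rules = PARAM_RULES[page]
    clean = {}
    for name, values in raw_params.items():
        if name not in rules:
            raise ValueError(f"unexpected parameter {name!r}")
        if len(values) != 1:
            raise ValueError(f"parameter {name!r} given more than once")
        if not rules[name].fullmatch(values[0]):
            raise ValueError(f"parameter {name!r} has an invalid value")
        clean[name] = values[0]
    missing = set(rules) - set(clean)
    if missing:
        raise ValueError(f"missing parameter(s): {sorted(missing)}")
    return clean


def handle_request(page, method, query_string, session):
    """Dispatch one request and return (status_code, body).

    The authorization check is what protects the edit page; carrying the
    same parameters in a POST body instead of a GET query string adds no
    protection on its own, so the check runs before anything else.
    """
    if page not in PARAM_RULES:
        return 404, "no such page"
    if page in ADMIN_PAGES:
        if not session.get("logged_in") or "editor" not in session.get("privs", ()):
            return 403, "forbidden"
        if method != "POST":
            # Admin pages are reached through a form, as the thread suggests,
            # so a state-changing action is never triggered by a bare link.
            return 405, "method not allowed"
    try:
        params = validate_params(page, parse_qs(query_string, keep_blank_values=True))
    except ValueError as exc:
        return 400, f"bad request: {exc}"
    if page == "search":
        return 200, f"results for {params['q']}"
    if page == "view":
        return 200, f"page {params['id']}"
    return 200, f"edited page {params['id']}"


if __name__ == "__main__":
    editor = {"logged_in": True, "privs": {"editor"}}
    print(handle_request("search", "GET", "q=linux", {}))
    print(handle_request("edit", "POST", "id=7&title=Hello", {}))
    print(handle_request("edit", "POST", "id=7&title=Hello", editor))
```

The validation deliberately rejects rather than strips: a value that does not match its pattern produces a 400 instead of a sanitized substitute, which keeps the accepted input set small and easy to reason about.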




