[_] Site test and opinions

Jon Bennett jmbennett at gmail.com
Wed Sep 12 16:06:55 BST 2007

> I know this is a bit late now, but it did pop into my head that the
> search on the site submits using the GET method. The problem with this
> is that a malicious user is then free to play around with the generated
> URL and try to trip over the scripts or the database. Normally I stick to
> using post for form submissions in an effort to close down site URLs for
> abuse.

with proper SQL injection prevention that shouldn't be any issue, and
it certainly makes paginating through result sets far easier and
allows search results to be linkable, which is pretty useful.

just my 2p.

jb

-- 

jon bennett
w: http://www.jben.net/
iChat (AIM): jbendotnet Skype: jon-bennett
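
The approach the reply describes, as an added example that is not part of the original post or the site's own code: a GET search handler that binds the search term as a query parameter, validates the page number, and still produces linkable, paginated result URLs. The table and column names, the `/search` path, the `q` and `page` parameter names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs, urlencode

PAGE_SIZE = 2  # small so the constructed sample data spans several pages

def make_db():
    """Constructed sample data standing in for the site's search index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    titles = ["CSS tips", "CSS grids", "CSS 100% width", "PHP forms", "SQL basics"]
    db.executemany("INSERT INTO pages (title) VALUES (?)", [(t,) for t in titles])
    return db

def parse_search_url(url):
    """Pull q and page out of the query string, treating both as untrusted."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    term = params.get("q", [""])[0][:100]  # cap the term length
    raw_page = params.get("page", ["1"])[0]
    page = 1  # anything that is not a short ASCII integer falls back to page 1
    if raw_page.isascii() and raw_page.isdigit() and len(raw_page) <= 4:
        page = max(1, int(raw_page))
    return term, page

def like_pattern(term):
    """Escape LIKE wildcards so % and _ typed by the user match literally."""
    for ch in ("\\", "%", "_"):
        term = term.replace(ch, "\\" + ch)
    return "%" + term + "%"

def search(db, url):
    """Return (titles for this page, URL of the next page or None)."""
    term, page = parse_search_url(url)
    # Every user-supplied value is bound with ?, never concatenated into SQL.
    # One extra row is fetched to learn whether a next page exists.
    rows = db.execute(
        "SELECT title FROM pages WHERE title LIKE ? ESCAPE '\\' "
        "ORDER BY id LIMIT ? OFFSET ?",
        (like_pattern(term), PAGE_SIZE + 1, (page - 1) * PAGE_SIZE),
    ).fetchall()
    titles = [r[0] for r in rows[:PAGE_SIZE]]
    next_url = None
    if len(rows) > PAGE_SIZE:
        next_url = "/search?" + urlencode({"q": term, "page": page + 1})
    return titles, next_url
```

A tampered URL reaches the database only as bound data, so editing the query string changes what is searched for, not the statement that runs.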