[Catalyst] how to confirm before deleting

Toby Corkindale toby.corkindale at strategicdata.com.au
Thu Jan 22 06:41:16 GMT 2009


Trevor Phillips wrote:
> On Thu, Jan 22, 2009 at 3:12 PM, Toby Corkindale
> <toby.corkindale at strategicdata.com.au> wrote:
>> But what happens when your site gets spidered by a search engine, that
>> follows all links?
>>
>> Whoops.
>>
>> There's a good reason state-modification-actions should be POST (or rather,
>> non-GET, if you want to go with PUT, DELETE, etc)
> 
> Surely such an action would be behind some form of authentication,
> ergo blocking any random web crawler? An app that allowed you to
> delete records with no security checks has bigger issues. ^_^

Yeah.. can't actually remember what the actions were, but indeed, 'twas 
misguided.

After posting that, I realised other people had already posted warnings 
about not using GET for state-change anyway.


