Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

I've got the postgresql version working. I'm going to do a 5.1.1 clean install on both databases and see what happens. I'll make the change you suggested also.

Currently I'm using % in my match string and using like to find them:

select sudo_url_id from sudo_urls where :url like url

This works fine but costs a db hit on every page. I'm thinking about changing this to use Tcl regexp and cache the list of protected urls. I think this will be better if you don't have very many and I don't really know why you would. You can protect all the admin sections with .*admin.*

Anyone have an opinion?

Finally I was reading some W3 documents the other day and apparently there is a requirement that the GET method makes no data changes. The example they give is you should not send a link that subscribes to a mailing list. You should send a link to a form that when POSTed does the subscribe. I was surprised this was in the spec.

Barry, any update on this?
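As an added illustration of the cached matcher proposed in this post (not code from the post or from OpenACS, and written in Python rather than Tcl so it can be run standalone), the following compiles a constructed list of LIKE-style patterns, standing in for the sudo_urls rows, into anchored regexes once and checks a canonicalised request path against them in memory. Anchoring matters: the SQL `:url like url` matches the whole string, and an unanchored `.*admin.*` would also fire on unrelated pages whose URL merely contains the word.

```python
import re
from urllib.parse import unquote

# Constructed sample of protected-URL patterns in the SQL LIKE style the post
# uses (% = any run of characters, _ = exactly one character). A stand-in for
# the rows the post's sudo_urls table would hold, not real OpenACS data.
PROTECTED_PATTERNS = ["/admin/%", "/%/admin/%", "/shared/manage_user%"]


def like_to_regex(pattern):
    """Translate one LIKE pattern into an anchored compiled regex.
    ':url like url' matches the whole string, so the regex must too: an
    unanchored 'admin' would also fire on '/forums/message?subject=admin'."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)


def canonical_path(url):
    """Reduce a request URL to the path the rules are matched against: drop
    query string and fragment, percent-decode, and resolve '.'/'..' segments
    so '/admin/../admin/' and '/%61dmin/' compare the same as '/admin/'."""
    path = unquote(url.split("#", 1)[0].split("?", 1)[0])
    segs = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segs:
                segs.pop()
            continue
        segs.append(seg)
    out = "/" + "/".join(segs)
    return out + "/" if path.endswith("/") and out != "/" else out


class ProtectedUrls:
    """Compile the pattern list once (the cache the post proposes) so each
    request is checked in memory instead of with a per-page query."""
    def __init__(self, patterns):
        self._rules = [(p, like_to_regex(p)) for p in patterns]

    def match(self, url):
        """Return the first matching LIKE pattern, or None if unprotected."""
        path = canonical_path(url)
        return next((p for p, rx in self._rules if rx.match(path)), None)
```

The pattern list is compiled when the object is created, so the per-request cost is a handful of regex matches rather than a database round trip.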