The problem could easily be solved. When we recommend the user to upload a
text-file containing the information, we can also recommend which name that
file should have. For example if user X wants to load a file from
ftp://name:email@example.com/~user/myfile.ogg mediawiki could automatically
search for a file ftp://name:firstname.lastname@example.org/~user/mediawiki_access_id.txt (or
something like that). So the user cannot enter a specific GET-Target -
thereby prohibiting the behaviour we fear.
Am Freitag, 25. August 2006 00:33 schrieb Timwi:
On 8/24/06, Timwi <timwi(a)gmx.net> wrote:
I was trying to address the security issues
that come from the user's ability to cause the server to perform any GET
request to any server.
This is a problem why, provided the server is careful about what it
does with the response?
It's not the response that's the problem, it's the GET request itself.
Suppose some stupid web programmer programmed a forum where you can
delete posts with a GET request. If you can fire GET requests to any
server from Wikimedia's servers, then the forum's servers will only log
Wikimedia's IPs, and the mass-deletion forum vandal is now untraceable.
I'm sure there are even more significant cases that I haven't thought of.
Wikitech-l mailing list