Timwi wrote:
[someone else wrote:]
... you get
the picture. There is literally *no* *security*
*reason* *at all* for MediaWiki to not send arbitrary GET requests.
Period.
OK, here's one scenario. This feature could be used for
denial-of-service attacks against other sites, by using Wikipedia's
high-bandwidth server farm as a download bandwidth amplifier: an attacker
could simply set many downloads going at once to one server, at the cost
of trivial bandwidth overhead to set up each connection.
-- N
Okay then, go ahead and introduce the feature :-)
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l