On 8/25/06, Timwi timwi@gmx.net wrote:
That is simply not true. Web spiders only follow links.
And since when is following an HTTP link *not* sending a GET request? You'd have to Google-bomb it to get Google to do it, granted, and that only hours or days later, but many other sites (ImageShack comes to mind) will execute arbitrary GET requests immediately upon request. Heck, you could even grab some random stranger's e-mail address and say "Hey, follow this cool link!". Or just use an ISP that uses proxies. Or find a high-quality open proxy. Or use Tor. Or . . .
. . . you get the picture. There is literally *no* *security* *reason* *at all* for MediaWiki to not send arbitrary GET requests. Period. The only difference from our side is that we have a GET response instead of a POST, which is no security difference at all, and if anything can harm the recipient (which it overwhelmingly can't), we aren't going to make an already trivial task any easier.