On 8/25/06, Timwi <timwi(a)gmx.net> wrote:
> That is simply not true. Web spiders only follow
> links.
And since when is following an HTTP link *not* sending a GET request?
You'd have to Google-bomb it to get Google to do it, granted, and that
only hours or days later, but many other sites (ImageShack comes to
mind) will execute arbitrary GET requests immediately upon request.
Heck, you could even grab some random stranger's e-mail address and
say "Hey, follow this cool link!". Or just use an ISP that uses
proxies. Or find a high-quality open proxy. Or use Tor. Or . . .
. . . you get the picture. There is literally *no* *security*
*reason* *at all* for MediaWiki to not send arbitrary GET requests.
Period. The only difference from our side is that we have a GET
response instead of a POST, which is no security difference at all,
and if anything can harm the recipient (which it overwhelmingly
can't), we aren't going to make an already trivial task any easier.