On 8/24/06, Timwi <timwi(a)gmx.net> wrote:
Suppose some stupid web programmer programmed a forum
where you can
delete posts with a GET request. If you can fire GET requests to any
server from Wikimedia's servers, then the forum's servers will only log
Wikimedia's IPs, and the mass-deletion forum vandal is now untraceable.
1) Most web programmers aren't that stupid.
2) Even if they were that stupid, they wouldn't be stupid enough to
allow an IP address completely unknown to their server to do anything
bad to it.
3) Even if they were *that* stupid (and we're currently talking
serious, serious stupid), they would have