On Fri, Aug 25, 2006 at 06:33:51PM +0100, Rob Church wrote:
On 25/08/06, Timwi <timwi(a)gmx.net> wrote:
The kinds of webmasters we are talking about here will assume that you
can never fire a given GET URL if you never see a page with a link to it
on it.
(Which is still a damn stupid assumption to make)
Not as bad as the ones who allow elementary SQL injection, etc. etc.
There's probably still hundreds of thousands of web sites out there
with basic flaws in. :)
Indeed; I can easily visualize a forum message page with a Delete Me
link right on it.
Further authorization should clearly be required for that to actually
happen, but the concept of such a link *existing* on a page isn't by
any means beyond the pale...
Cheers,
-- jra
--
Jay R. Ashworth jra(a)baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA
http://baylink.pitas.com +1 727 647 1274
The Internet: We paved paradise, and put up a snarking lot.