Argh, post got sent too early.
On 8/24/06, Timwi <timwi(a)gmx.net> wrote:
Suppose some stupid web programmer programmed a forum
where you can
delete posts with a GET request. If you can fire GET requests to any
server from Wikimedia's servers, then the forum's servers will only log
Wikimedia's IPs, and the mass-deletion forum vandal is now untraceable.
1) Most web programmers aren't that stupid.
2) Even if they were that stupid, they wouldn't be stupid enough to
allow an IP address completely unknown to their server to do anything
bad to it.
3) Even if they were *that* stupid (and we're currently talking
serious, serious stupid), even if it could cause irreparable harm to
their website, in fact even if following arbitrary GET requests would
bring about the Apocalypse and plunge the Earth into a bath of fire,
it wouldn't matter that we did so, because there are literally tens of
thousands of sites that will do it for you. Any web spider
*automatically* sends *millions* of arbitrary GET requests, and has to
for the Internet as we know it to function. There is no way that
sending arbitrary GET requests can hurt *anything*.
I'm sure there are even more significant cases
that I haven't thought of.
See point 3 above. If there were good reasons for not following
arbitrary GET requests, Google would not exist.