Argh, post got sent too early.
On 8/24/06, Timwi timwi@gmx.net wrote:
Suppose some stupid web programmer programmed a forum where you can delete posts with a GET request. If you can fire GET requests to any server from Wikimedia's servers, then the forum's servers will only log Wikimedia's IPs, and the mass-deletion forum vandal is now untraceable.
1) Most web programmers aren't that stupid.
2) Even if they were that stupid, they wouldn't be stupid enough to allow an IP address completely unknown to their server to do anything bad to it.
3) Even if they were *that* stupid (and we're currently talking serious, serious stupid), even if it could cause irreparable harm to their website, in fact even if following arbitrary GET requests would bring about the Apocalypse and plunge the Earth into a bath of fire, it wouldn't matter that we did so, because there are literally tens of thousands of sites that will do it for you. Any web spider *automatically* sends *millions* of arbitrary GET requests, and has to for the Internet as we know it to function. There is no way that sending arbitrary GET requests can hurt *anything*.
I'm sure there are even more significant cases that I haven't thought of.
See point 3 above. If there were good reasons for not following arbitrary GET requests, Google would not exist.