Re: Security Concerns section added to Query_by_reference

On 16 Apr 2009, at 13:54, Kjetil Kjernsmo wrote:

> On Tuesday 07 April 2009 15:35:56 Gregory Williams wrote:
>> The underlying problem here seems to
>> me to be the existence of an HTTP GET operation that is deleting data,
>
> ...and quite frankly, if someone lets an HTTP GET alter significant data
> on the server, then they deserve to have all their data deleted :-P I
> think that's widely known as extremely dangerous to do, the first bot to
> come along would wreak havoc.

Well, that was just an example. It doesn't alter the concern that  
letting external services trigger GET requests from inside a firewall  
is a bad idea in general.

It's still pretty easy to cause hard-to-trace DoS attacks and other  
problems.

- Steve

-- 
Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465  http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD

Received on Thursday, 16 April 2009 13:04:52 UTC
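
A defensive check for the concern raised in this message, as an added example that is not part of the original thread or of any SPARQL implementation: before an endpoint dereferences a client-supplied query URL, it resolves the host and refuses anything that is not a public address. The function names, `SAMPLE_DNS` and the hostnames in it are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed lookup table standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "data.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.1.2.3"],
    "mixed.example.org": ["93.184.216.34", "10.1.2.3"],
}

def sample_resolver(host, port):
    """Constructed resolver: table lookup, IP literals map to themselves."""
    return SAMPLE_DNS.get(host, [host])

def system_resolver(host, port):
    """Real resolver for production use (needs network for hostnames)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def check_reference_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL a remote client asks us to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    if not parts.hostname:
        return False, "no host"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
    except (ValueError, OSError):
        return False, "bad port or unresolvable host"
    if not addresses:
        return False, "no addresses"
    # Reject if ANY address is loopback, private, link-local or reserved:
    # one internal record among several is enough to reach inside.
    for text in addresses:
        try:
            ip = ipaddress.ip_address(text.split("%")[0])
        except ValueError:
            return False, "resolver returned a non-address"
        if not ip.is_global:
            return False, f"{text} is not a public address"
    return True, "ok"
```

The fetch itself has to connect to the address that was vetted and re-run the check on every redirect, otherwise a second DNS answer or a redirect can still point inside the firewall.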