Re: Security Concerns section added to Query_by_reference

On 16 Apr 2009, at 13:54, Kjetil Kjernsmo wrote:

> On Tuesday 07 April 2009 15:35:56 Gregory Williams wrote:
>> The underlying problem here seems to
>> me to be the existence of a HTTP GET operation that is deleting data,
> ...and quite frankly, if someone lets a HTTP GET alter significant  
> data on the
> server, then they deserve to have all their data deleted :-P I think  
> that's
> widely known as extremely dangerous to do, the first bot to come  
> along would
> wreak havoc.

Well, that was just an example. It doesn't alter the concern that  
letting external services trigger GET requests from inside a firewall  
is a bad idea in general.

It's still pretty easy to cause hard-to-trace DOS attacks and other  

- Steve

Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10  

Received on Thursday, 16 April 2009 13:04:52 UTC