21 Nov 2013, 11:52 a.m.
On Wed, 2 Oct 2013 14:13:11 -0400 Richard Barnes <rlb@ipv.sx> wrote:
(3) is a huge security risk, because of the wide variety of things that are done with HTTP requests. For simplicity, let's assume the probe would send a GET request, and not anything more sophisticated (POST, PUT, DELETE, etc.). You could use a GET request to download a file, but you can also use a GET request to do things to supply responses to HTTP forms. Want to make sure your favorite band wins the EuroVision Song Contest? Just task the Atlas network to have 1000 probes vote for them every 5 minutes.
GET requests should not alter state; if they do, arguably the problem there lies with the design of the faulty website.