On Tuesday 10 October 2006 16:51, Matt Quackenbush wrote:
> main question now is: what is considered the "best" antidote for such a
> problem. Since I didn't know what it was, I obviously don't use web
Don't use HTTP GET (links) for things that have side effects; use them for
views.
Use HTTP POST
On Tuesday 10 October 2006 16:30, Matt Quackenbush wrote:
> Hmm... okay, so the issue that is being referred to here is when the
> login check is handled AFTER that link is displayed?
No, no, no - it's much worse.
The Google accelerator thing looks at the page loaded in the browser (which
Actually, in my defense:)
the web accelerator is not supposed to follow a link that has a
query parameter... and it worked correctly for a long
time. Apparently a recent update to it introduced a bug where it IS
following links with query parameters. I reported it to Google.
>It wasn
> I am just playing with this in my head. Would a form with
> method="get" be affected by the accelerator, or only anchors
> with get parameters built in to the href parameter?
I haven't used it, so I can only speculate. That said, I suspect that it
only follows A tags.
Dave Watts, CTO, Fig Le
Yes, since the Web Accelerator only makes GET requests. In HTTP, GET requests
shouldn't make changes; only POST requests should do that.
Dave
I am just playing with this in my head. Would a form with method="get" be
affected by the accelerator, or only anchors with get parameters built in to
> Thanks for the reply. I guess I first should've gone and
> checked to see what 'web accelerator' was, and then I might
> have understood. I guess my main question now is: what is
> considered the "best" antidote for such a problem. Since I
> didn't know what it was, I obviously don't use w
PROTECTED]
Sent: Tuesday, October 10, 2006 10:46 AM
To: CF-Talk
Subject: RE: Strange security problem with googlebot
> Hmm... okay, so the issue that is being referred to here is when
> the login check is handled AFTER that link is displayed? I guess I'm
> still a bit confused
> Hmm... okay, so the issue that is being referred to here
> is when the login check is handled AFTER that link is
> displayed? I guess I'm still a bit confused, because I can't
> understand a) why any such link would be displayed to anyone
> (or any bot) without them first being logged-in
Matt Quackenbush wrote:
> Hmm... okay, so the issue that is being referred to here is when the
> login check is handled AFTER that link is displayed? I guess I'm still a
> bit confused, because I can't understand a) why any such link would be
> displayed to anyone (or any bot) without them fir
and
having the appropriate credentials, and b) how a bot would get past a
login/credential check.
Thanks,
Matt
-----Original Message-----
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 10:16 AM
To: CF-Talk
Subject: Re: Strange security problem with googlebot
On
On Tuesday 10 October 2006 15:50, Matt Quackenbush wrote:
> Okay, call me silly, but what kind of code exactly can cause this problem?
Delete this user
--
Tom Chiverton
Helping to assertively utilize leading-edge relationships
This email is
-----Original Message-----
From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 9:27 AM
To: CF-Talk
Subject: RE: Strange security problem with googlebot
You hit it..
it was the web accelerator.
I now know that I should not let a simple clicked link change anything.
Both of t
You hit it..
it was the web accelerator.
I now know that I should not let a simple clicked link change
anything. Both of these sites were written in ColdFusion version 2
and 3 when I didn't know better :) WAY too many pages to go back and
change them now. I thought since it was password prot
> I don't know how this could possibly happen...
>
> On 2 of my websites, someone hacked into the admin areas
> and changed hundreds of things by clicking links. I log
> every action taken, along with the IP address of who did it
> and traced back the IP to Googlebot.
>
> I was using II