GET requests and "wings fall off" buttons

Bill de hÓra is outraged that people are blaming Google Web Accelerator (GWA) for following HTTP GET links, rather than blaming the morons^H^H^H^H^H^Hweb developers who built web sites that use innocent-looking GET requests for actions with side effects, like (say) delete or launch missile attack.

I don’t know if GWA itself is useless hype, an evil conspiracy, or a good thing (I suspect some combination of the first two), but Bill’s right that the assumption that it’s always safe to follow a GET link is one of the basic pillars of the web. Initiating a potentially dangerous action in response to a GET request is on the same level as putting a “wings fall off” button on the arm of an airliner seat — sure, we’d prefer that the passenger not hit the button, but why is the button there in the first place?

About David Megginson

Scholar, tech guy, Canuck, open-source/data/information zealot, urban pedestrian, language geek, tea drinker, pater familias, red tory, amateur musician, private pilot.
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

2 Responses to GET requests and "wings fall off" buttons

  1. Ed Davies says:

    Actually, a single GET request can cause you to be fined and loose your job under idiotic UK law:

    http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/

    No, following that link won’t cause you to wind up in court, at least as far as I know, but it will tell you of a case were it happened. Not actually following an embedded link but using a made up URL (just appending “/../../..” to an existing one for quite plausible reasons) but the principle’s the same.

  2. david says:

    Good point. A GET request can also keep you out of business school:

    http://blogs.law.harvard.edu/philg/2005/03/08

Comments are closed.