
We had an internal wiki where the "delete article" link was a GET. Then someone wrote a crawler for it and deleted the entire wiki in 15 minutes. It was changed to a POST after that.


Heh, this reminds me of a story many years ago at Google, where we got angry messages from some guy complaining that Google kept deleting all the photos from his online album.

We eventually figured out his online album had an unprotected "delete this photo" endpoint via a GET, and no robots restriction! We eventually had to fix the crawler to detect things like this...



I love this idea that you have to be exceptionally smart not to do the best job, but to do a normal job while surrounded by mediocrity.



