
Come on, that's like saying brakes don't work because if you don't press them then your car doesn't stop.

Of course if you're concerned about this you'd make sure every page is current in the cache.



Then the attacker does a POST instead, which the caching layer passes on, and your work was for naught.

I'm sure it's possible in theory to prevent all kinds of attacks, but it's not like not pressing the brakes, more like trying to plug every hole in a sieve. The tool just isn't built to help you do that.



