0

Say i did something like https://SomeSite.com/variableThing=**MyValue** instead of https://SomeSite.com/variableThing=**DefaultValue**

Can I be held accountable for any errors that the variable generates on the server end.

The servers are probably owned by my local organization, and I have not agreed to any statements the software my organization is using.

richardb
  • 2,346
  • 1
  • 9
  • 20
Dave
  • 3
  • 1

1 Answers1

3

Awareness of consequences

If you knew (or had reasons to suspect) that the server end implemented something like (whether intentionally, or by way of a bug/omission):

if variableThing == **MyValue** {
    causeALotOfTrouble()
}

— then yes, you pretty much can be held accountable.

Otherwise highly unlikely. By default, it is reasonable to expect that servers handle/filter/sanitise user input properly no matter where the request comes from, so modifying a URL is merely seeking certain data from the server — which it is free to supply or deny.

For example, if MyValue is an SQL injection attempt, then yes. If it is trying to filter out the results by a certain criteria, then no.

Greendrake
  • 27,460
  • 4
  • 63
  • 126
  • 1
    Would it matter whether the request is an HTTP GET request (of which the standard explicitly says that the client can not be made responsible for any side-effects) or an HTTP POST? – Jörg W Mittag Apr 10 '22 at 18:49
  • 2
    @JörgWMittag the HTTP spec will not serve as a defense in court. If someone makes a particular HTTP request knowing -- or even suspecting -- that the request will have certain consequences, then the court will hold that person liable for those consequences. – phoog Apr 10 '22 at 20:34
  • Thank you for your answer, I hope I didn't break anything. May have a long day ahead of me once i return to my organization tomorrow. – Dave Apr 11 '22 at 05:02
  • If there is a bug in my server software that makes it crash on certain url requests, and you know or suspect it, send one of these requests and my server crashes, you are guilty. – gnasher729 Apr 12 '22 at 20:54