Malicious URLs can open a server to many kinds of attacks, and the tools to protect your site aren't always helpful or easy to use.
Many years ago, Tim Berners-Lee, father of the World Wide Web, spoke at a conference. His message was that URLs that users could decipher were a bad idea. Web applications should employ URLs that are deliberately complex: black boxes for which only the Web server has a key. That way, programmers could ensure and control the user experience.
This makes sense from a security perspective as well: Apart from exposing the underlying logic of Web applications in a way that invites exploits like SQL injection, easily apprehended URLs facilitate attacks based on legal but malicious HTTP requests designed to break a server. Many exploits on many Web servers (most often Microsoft IIS) have been based on URLs that were technically legal but employed buffer overflows or similar techniques.