Erndob Erndob - 23 days ago 7
Node.js Question

Is it safe to do http requests to websites people submitted?

Are there any security risks if I do http GET or HEAD requests to links people submitted(so it can be absolutely anything) from my server?

Answer

There are few I can come up with:

  • The attacker could setup a server that takes a long time to respond or return a bogus HTTP header that causes your thread/process to take a long time to respond, this may cause a DDOS on your system.

  • The attacker my point you to link that download a huge file which would cause your system memory/hd to blow up

  • Your HTTP client might have security holes in it that could be exploited by a crafted GET response