HACKER Q&A
📣 d10y3vh5

Unauthenticated Requests


I work at a company that re transmits 911 alerts to security cneters on military bases. They alow unauthenticated requests like

``` post /alert {"911": "alert"} ```

that update the db and alert security personnel on base my question is? can this work or is this more trouble than its worth? if i post the url, is that crime?

  👤 gregjor Accepted Answer ✓
It's possible the request is authenticated/secured with a VPN, by requesting IP address(es), with an encrypted header, etc. There are multiple ways to authenticate an HTTP request. Maybe there's some authentication happening not visible in the API docs.

If anyone on the public internet can access that URL and post a request that seems like a bad idea.