[mythtv-users] visit from googlebot

[Michael T. Dean]

On 10/02/06 11:23, Jacob Steenhagen wrote:

>While it's true that an unprotected MythWeb can cause many problems, this
>particular one can be mitigated with a little bit of conventional wisdom
>regarding web applications. "Best practice" says that any action which
>will cause some kind of permenant modification (such as deleting a
>recording!) be done using a POST rather than a GET. Web bots do not follow
>POSTs, therefore no matter how often googlebot visits, no recordings would
>be lost.
>

The HTTP spec ( http://www.faqs.org/rfcs/rfc2616.html - see section 9.1) 
says that, "the GET and HEAD methods SHOULD NOT have the significance of 
taking an action other than retrieval."  And, while I'm a huge supporter 
of this concept when it comes to idempotence ("the side-effects of N > 0 
identical requests is the same as for a single request") because I don't 
want my credit card charged twice because of some incompetent web 
developer, I'm all for purposefully ignoring this recommendation (i.e. 
"should not," not "must not") when it's only purpose is "safety" (as 
described by the first quote, above).  (While sending another delete 
request may result in a different page--i.e. an error page stating that 
the recording does not exist--the action itself is idempotent because 
whether you ask MythWeb to delete the file once or a million times, the 
file is gone.)

The reason why I feel the Recorded Programs page is a good case for 
ignoring the recommendation is because there is only one way to do a 
POST request from HTML--with an HTML form.  Imagine having 176 (my 
current number of recordings) forms and/or buttons on that page.  And, 
while it's possible to use JavaScript to submit a POST request in 
response to clicking a link, there are many browsers that don't support 
JavaScriptk, and I'm pretty certain Chris is trying to ensure that at 
least one theme doesn't require JavaScript.

So, the best thing to do is keep the Google bot off your website.  After 
all, even if Google doesn't delete the recordings for you, there are 
plenty of cretins out there who do Google searches to find unsecured 
MythWeb applications and go in and wreak havoc by changing settings or 
recording rules, deleting recordings, or illegally downloading 
videos/recordings (which could put you in the RIAA's/MPAA's 
crosshairs--even if you're not in the US)

At least this way, you only lose recordings (as opposed to channels, key 
bindings, or MythTV's configuration, itself).  Someone who knows Myth 
well enough could easily add user jobs to delete a recording immediately 
after it completes or one to delete stuff off the filesystem or ....  
That's much more difficult to diagnose than, "All my recordings got 
deleted last night," so the loss of recordings is a wake-up call.  :)

Mike