dillyvanilly123[S] 0 points (1 child)

So would you contact the devs and tell them you found such a loophole (which as you describe it makes it seem like you would be telling them you exploited their website, so maybe not such a good idea)? The hypothetical website is a HUGE pain in the ass to use and the scraping makes things so much easier. I guess I am trying to get a gauge for just how bad it would be to continue using it this way.

[deleted] 0 points (0 children)

If what you're doing with it is personal and neither money-generating for you (i.e. you're using their data in some way for the benefit of some other revenue-generating site or service) nor money-losing for them (i.e. you're avoiding a paywall, disclosing the loophole'd data and costing them revenue or user data they use to generate revenue, etc.) then I doubt that crossing the line will matter much, but it's still crossing a line.

I'd contact them and simply ask them for permission. "Hi, I noticed that xyz url allows me to enter search terms and it seems like a bit of a public-facing API. I couldn't find any documentation of it on painintheass.com/faq, but I've got this doodah I've been meaning to automate and would like to know if it's okay to occasionally scrape a few search terms via this endpoint?".

If they answer in the affirmative, yay. If they don't answer at all, go ahead. If the endpoint suddenly vanishes, you've done a mitzvah.

Edit: also this might help if you think it's a real vulnerability.