http://www.independent.co.uk/life-style/food-and-drink/utter-PR-fiction-but-people-love-this-****-so-****-it-lets-just-print-it-2269573.html

First **** is feces, the second being fornication.

For some reason the link works with the asterisks, too. o_O

Ok it's a hoax...

You see, when you take away all the words and just use:

http://www.independent.co.uk/life-style/food-and-drink/2269573.html

...it still works, but it adds what was The Independent REALLY put there, which is:

http://www.independent.co.uk/life-style/food-and-drink/kate-middleton-jelly-bean-expected-to-fetch-500-2269573.html

You can replace the words with ANYTHING as long as you have the digits.html at the end there, and it'll work.

good to know the web developers at the independent don't know how to do URLs

zero-effort SEO, just remap everything with ***-digits.html to digits.html.

web "developers"

The web developers almost certainly do know how to do URLs.
Someone made a decision that this was the way they would look up the articles and this potential for abuse was almost certainly made clear to that person.

Remember, a place like the Independent has a lot of content to serve up, and they want it to be as efficient as possible. Verifying that the headline supplied in the URL matches what they put in the database doesn't help that.

I have absolutely no sympathy for the viewpoint that the web developers don't know what they're doing.


The boneheaded decision was how the Independent reacted. Leaving the loophole open and making a big fuss with an editorial only publicised it further and made them look like incompetent idiots. Had they silently put in a simple rule that blocked just the circulated URL with a 404, or a redirect to the correct article URL (less good because it means the fake URL still "works") as soon as they were aware of it, the vast majority of people who have now seen the fake URL wouldn't have been able to use it. That would have given them time to decide on a more general reaction to fake URLs.

Well, at least now we know that you write PHP for a living.

Something wrong with that, Jon'c

Haha, good one. (Hint: no I don't)

Edit: Further hint: I don't write web sites/apps for a living, either, currently.

Yep, and it's a waste of time to elaborate because everybody here already knows, or they're a web developer and won't listen, or they're a normie and just don't care.

In spite of Giraffe's opinion, it is definitely a safe bet to automatically assume that any given web developer has no clue.

It's the job of a web developer to treat URLs as part of the user interface, and then it's their job to achieve that without noticeable performance penalty. There's also no reason for The Independent URLs to end with .html, it doesn't make the site faster. It's just bad URL design.

It seems lots of website do this with the URLs. Just throwing an article or topic title in the URL seems to be the thing to do for incoming links and search engines. I could retweet this thread with modified URL like: http://forums.massassi.net/vb3/showthread.php?58959-Someone-is-getting-****ed-at-The-Independant!

Using a slug (generally the title of the page run through an algorithm that strips out common words and replaces spaces with dashes) is the correct way to do it, you shouldn't need to use a numerical ID at all. If the incorrect slug is used in the URL it should 404 (unless the slug has intentionally changed, in which case it should do a 301 redirect).

Right.. my point is a lot of people don't do it that way, and I mean a lot. And this kind of thing could happen to anyone.

Yes, but the thread title doesn't change if you do. You could also just use any sort of URL redirection service to make up some stupid URL as well, and it'd work for any website. That wasn't really the issue. It was that they took said URL info, and actually used that to generate part of the content of the website, without any verification whatsoever. I don't care how efficient they're trying to be, that's idiotic.

Oooooh I see, yeah that is pretty moronic and hopefully that guy did get fired.

It didn't generate content... The problem was limited to the slug being irrelevant for the system finding the right article.

Which also mistakenly assumes the vbulletin developers know what they're doing.

Like I said, this is zero-effort SEO. Basically, the web developers know that a lot of people will paste the URL without descriptive text and they want the headline to show up as often as possible. Like Detty said, using the headline text as the article ID is the correct way to do this, and anybody who knows anything about DBMSes knows that the only performance cost is compute which is totally subsumed by the I/O cost of accessing the index. Most web developers, incidentally, don't know anything about DBMSes.

Oh let me just say that you would never hear those words "vbulletin developers" and "know what they're doing" in the same sentence.

Now that I think about it, I don't know any website that you couldn't just append something to the end of the url and it would still work (Not every url but most websites).. Like by adding a #, ?, or / at the end followed by some profanity or whatever. Could you then just retweet, facebook share, link to your website and have it shared/crawled by bots?

examples:
http://www.php.net/docs.php/go-****-your-mother
http://www.woot.com/WriteUs.aspx?and-go-to-hell

Adding a # has no effect on what gets sent to the web server, so it has no effect on what page gets returned (the exception is if the site is fully AJAXed, but then the page is generated in two passes). Adding a ? is just a query parameter, it's up to the developer whether an invalid one should cause a problem or not. They don't tend to contribute to keyword relevance in search engines so a lot of developers don't bother constraining them, I sometimes do because when I've used them I need to know the input is well-formed.

Adding a / is actually changing the resource location (whereas a query parameter is just a filter) and should always return a different resource or simply not work at all, there's no excuse for this one.

I have actually knowingly used the id-slug combination in URLs before, primarily on an e-commerce site where a lot of products have very similar names and had to occupy the top-level of the URL schema.