I recall a case where the courts did not agree with you. I can't remember names or many details, but the gist was that some guy realized that one of the pages was taking an fdat argument that was his userid, and by simply incrementing that number he could retrieve the data of any user he wanted. He presented his findings to the company (something major, like AT&T maybe), and they immediately sued him. He fought in court saying he wasn't malicious and was "white hat" as you say, but I believe he was convicted.Does anyone remember this case?
danielweber|11 years ago
sillysaurus3|11 years ago