Ticket #10 (new defect)

Opened 4 years ago

Last modified 3 years ago

possible DOS attack

Reported by: avodonosov
Owned by: mpasternacki
Priority: major
Milestone:
Component: code
Version:
Keywords:
Cc:

Description

As the RP fetches any user-supplied URI, it is easy to enter the URL of some big file (say 1 GB) as the value of the OpenID login and submit the form 20-30 times.

The RP server will quickly run out of memory.

IMHO limiting the size of fetched content is sufficient to prevent this problem.

Change History

Changed 3 years ago by mpasternacki

  • version 0.5 nonportable deleted
  • milestone HTTP client portability deleted
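
One way to apply the size limit proposed in the description, written here in Python as an added example; it is not part of the ticket or of the project's code. The 1 MiB cap, the timeout, and the names `read_capped`, `fetch_identifier` and `ResponseTooLarge` are assumptions.

```python
import urllib.request
from urllib.parse import urlsplit

MAX_BODY = 1024 * 1024  # assumed cap for a discovery document
CHUNK = 16 * 1024       # read granularity


class ResponseTooLarge(Exception):
    """The remote body is larger than the relying party will buffer."""


def read_capped(stream, max_bytes, declared_length=None):
    """Return the body of `stream`, or raise once it exceeds max_bytes."""
    # Early reject: the server itself announces an oversized body.
    if declared_length is not None and declared_length > max_bytes:
        raise ResponseTooLarge(f"declared {declared_length} > cap {max_bytes}")
    buf = bytearray()
    while True:
        # Ask for at most one byte past the cap, so memory stays bounded
        # even when Content-Length is missing or understated.
        chunk = stream.read(min(CHUNK, max_bytes + 1 - len(buf)))
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"body exceeded cap {max_bytes}")


def fetch_identifier(url, max_bytes=MAX_BODY, timeout=10):
    """Fetch a user-supplied identifier URL with a size cap."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) identifiers are fetched")
    # The timeout applies to each socket operation, not the whole transfer.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        length = resp.headers.get("Content-Length", "")
        ok = length.isascii() and length.isdigit()
        return read_capped(resp, max_bytes, int(length) if ok else None)
```

The cap bounds memory per request only; the repeated submissions mentioned in the description are still limited only by how many fetches the RP runs concurrently.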