
Opened 16 years ago

Last modified 16 years ago

#10 new defect

possible DOS attack

Reported by: avodonosov
Owned by: mpasternacki
Priority: major
Milestone:
Component: code
Version:
Keywords:
Cc:

Description

As the RP fetches any user-supplied URI, it is easy to enter the URL of some big file (say 1 GB) as the value of the OpenID login and submit the form 20-30 times.

The RP server will quickly run out of memory.

IMHO limiting the size of fetched content is sufficient to prevent this problem.
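
The size limit proposed above, sketched as an added example in Python; it is not cl-openid code and not from the ticket's author. The 1 MiB cap, the 10-second timeout and the names `fetch_bounded`, `BodyTooLarge` and `serve_constructed` are assumptions, and the local server is a constructed stand-in for the user-supplied URL.

```python
import http.server
import threading
import urllib.request
from urllib.parse import urlsplit

MAX_BODY = 1 << 20   # assumed cap (1 MiB); not a value from the ticket
CHUNK = 64 * 1024

class BodyTooLarge(Exception):
    """The remote body is larger than the configured cap."""

def fetch_bounded(url, max_body=MAX_BODY, timeout=10):
    """Fetch url while holding at most max_body bytes of body in memory."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) URLs are fetched")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        # Early exit when the server announces an oversized body.
        declared = resp.headers.get("Content-Length", "")
        if declared.isdigit() and int(declared) > max_body:
            raise BodyTooLarge(f"declared {declared} bytes, cap {max_body}")
        # The header can be absent or wrong, so count what actually arrives.
        chunks, total = [], 0
        while True:
            # Ask for one byte past the cap so an overrun is detectable.
            chunk = resp.read(min(CHUNK, max_body - total + 1))
            if not chunk:
                return b"".join(chunks)
            total += len(chunk)
            if total > max_body:
                raise BodyTooLarge(f"body exceeded cap of {max_body} bytes")
            chunks.append(chunk)

def serve_constructed(body, announce_length=True):
    """Constructed local server standing in for the user-supplied URL."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            if announce_length:
                self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass  # keep the demo quiet

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}/"
```

The counting loop is what enforces the cap: a response that omits or misstates `Content-Length` is still cut off after `max_body` bytes, so each login attempt costs the RP a bounded amount of memory.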

Change History (1)

comment:1 Changed 16 years ago by mpasternacki

Milestone: HTTP client portability
Version: 0.5 nonportable