[cl-openid-ticket] #10: possible DOS attack
cl-openid
cl-openid-devel at common-lisp.net
Sun Jul 20 17:35:25 UTC 2008
#10: possible DOS attack
------------------------+---------------------------------------------------
Reporter: avodonosov | Owner: mpasternacki
Type: defect | Status: new
Priority: major | Milestone: HTTP client portability
Component: code | Version: 0.5 nonportable
Keywords: |
------------------------+---------------------------------------------------
As the RP fetches any user-supplied URI, it is easy to enter the URL of some big
file (say 1 GB) as the value of the OpenID login and submit the form 20-30 times.
The RP server will quickly run out of memory.
IMHO limiting the size of fetched content is sufficient to prevent this
problem.
--
Ticket URL: <http://trac.common-lisp.net/cl-openid/ticket/10>
cl-openid <http://common-lisp.net/project/cl-openid>
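
One way to enforce the size limit proposed in the ticket, shown as an added example that is not part of the original message or of cl-openid: a reader that caps how many octets are accepted from a response body stream. The names *max-fetch-octets*, response-too-large and read-bounded, the 1 MiB limit and the 4096-octet chunk size are assumptions.

```lisp
;; Added example; every name here is hypothetical and not part of cl-openid.
(defparameter *max-fetch-octets* (* 1024 1024)
  "Assumed cap (1 MiB) on the body of a fetched discovery document.")

(define-condition response-too-large (error)
  ((limit :initarg :limit :reader response-too-large-limit))
  (:report (lambda (c stream)
             (format stream "Response body exceeds ~D octets."
                     (response-too-large-limit c)))))

(defun read-bounded (stream &key (limit *max-fetch-octets*) content-length)
  "Read STREAM, a binary input stream of (unsigned-byte 8), up to EOF and
return its contents as an octet vector. Signals RESPONSE-TOO-LARGE as soon
as more than LIMIT octets have been seen, so memory use stays near LIMIT."
  ;; Cheap early rejection when the server declares an oversized body.
  (when (and content-length (> content-length limit))
    (error 'response-too-large :limit limit))
  ;; Content-Length can be absent or wrong, so the cap is also enforced
  ;; on the octets actually read.
  (let ((chunk (make-array 4096 :element-type '(unsigned-byte 8)))
        (body (make-array 0 :element-type '(unsigned-byte 8)
                            :adjustable t :fill-pointer 0)))
    (loop for n = (read-sequence chunk stream)
          until (zerop n)
          do (when (> (+ (length body) n) limit)
               (error 'response-too-large :limit limit))
             (let ((start (fill-pointer body)))
               ;; Grow the result by exactly N octets and copy them in.
               (adjust-array body (+ start n) :fill-pointer (+ start n))
               (replace body chunk :start1 start :end2 n)))
    body))
```

The caller passes the HTTP client's binary body stream and closes the connection when the condition is signalled, so the rest of an oversized body is never downloaded.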