[JDEV] Filling public server's disk?

Trejkaz Xaoza trejkaz at xaoza.net
Fri Jan 9 05:52:04 CST 2004


On Fri, 9 Jan 2004 07:33, Mike Prince wrote:
> HTTP/HTML is flexible enough to support challenge/response from an
> application server, most often in the form of a graphic depicting human
> readable text.  AFAIK, the XMPP clients don't support this.  If they did,
> XMPP client registration would probably be good enough for most.

Images, no, but with jabber:x:data you could have all sorts of fun.

For instance, you could generate a random text description of a mathematical 
calculation to perform and enter in the text field.  That would be fairly 
tricky (but probably possible) to script responses to.

However...

Couldn't you do just as much DoS damage by simply _attempting_ to register 
thousands of clients at the same time?  Surely the XML parsing will add up to 
enough strain on the server to deny all users.  And if you think you won't 
fill the disk, think about the logging.  It might log just as much as the 
space a registration record takes up (certainly looks like it using the 
default settings.)

TX

P.S. haven't seen you around for a while, Mike... unless you've been lurking, 
or I've been blind. ;-)

-- 
'Every sufficiently advanced technology is indistinguishable from magic' - 
Arthur C Clarke
'Every sufficiently advanced magic is indistinguishable from technology' - Tom 
Graves

      Email: Trejkaz Xaoza <trejkaz at xaoza.net>
   Web site: http://xaoza.net/trejkaz/
  Jabber ID: trejkaz at jabber.xaoza.net
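Added example, not part of the original message or of any Jabber server's code: a sketch of the text-based calculation challenge suggested above, delivered as a jabber:x:data form and checked on submission. The field names `challenge` and `answer`, the lifetime and the cap on outstanding challenges are assumptions; the cap and expiry are there because, as the message notes, registration attempts alone consume server resources.

```python
import secrets
import time
import xml.etree.ElementTree as ET

NS = "{jabber:x:data}"
WORDS = ["zero", "one", "two", "three", "four", "five", "six",
         "seven", "eight", "nine", "ten", "eleven", "twelve"]
OPS = {"plus": lambda a, b: a + b,
       "minus": lambda a, b: a - b,
       "times": lambda a, b: a * b}
TTL_SECONDS = 120    # assumed lifetime of an unanswered challenge
MAX_PENDING = 10000  # assumed cap so challenge state cannot grow without bound
PENDING = {}         # challenge id -> (expected answer, expiry timestamp)

def new_challenge(now=None):
    """Build a jabber:x:data form asking a spelled-out sum, or None at capacity."""
    now = time.time() if now is None else now
    for cid in [c for c, (_, exp) in PENDING.items() if exp <= now]:
        del PENDING[cid]  # expire abandoned challenges
    if len(PENDING) >= MAX_PENDING:
        return None  # refuse rather than store more state
    a, b = secrets.randbelow(13), secrets.randbelow(13)
    op = secrets.choice(sorted(OPS))
    cid = secrets.token_hex(8)
    PENDING[cid] = (OPS[op](a, b), now + TTL_SECONDS)
    form = ET.Element(NS + "x", {"type": "form"})
    ET.SubElement(form, NS + "instructions").text = "Answer in digits."
    hidden = ET.SubElement(form, NS + "field", {"type": "hidden", "var": "challenge"})
    ET.SubElement(hidden, NS + "value").text = cid
    ET.SubElement(form, NS + "field", {"type": "text-single", "var": "answer",
                  "label": f"What is {WORDS[a]} {op} {WORDS[b]}?"})
    return form

def check_submission(form, now=None):
    """Verify a submitted form; each challenge id is accepted at most once."""
    now = time.time() if now is None else now
    values = {f.get("var"): f.findtext(NS + "value", "")
              for f in form.iter(NS + "field")}
    entry = PENDING.pop(values.get("challenge"), None)  # single use, right or wrong
    if entry is None or entry[1] <= now:
        return False
    try:
        return int(values.get("answer", "").strip()) == entry[0]
    except ValueError:
        return False
```
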


