
Thread: lenya, cache poisoning and DoS attacks




2007-01-23 05:12:26
hi *!

while toying with my new language selector, i implemented a simple on-the-fly rendering of svg graphics to png at arbitrary sizes.

you can request http://localhost:8888/modules/languageselector/flag--.png where can be any of the languages we currently have svg flags for (en, de, fr, he, es), and size is a height in pixels. you will get a custom-sized png that's rendered from the respective svg on-demand.

this is very handy for modules, because you can provide mechanism without second-guessing design decisions.

*but*: svg rendering is rather expensive, and an evil attacker could even use it to hog server resources. therefore we must cache. but since you can have any language in any size, you can also fill cache space easily with entries that are unlikely to be ever needed again.

i wonder: how many such potential cache hogs do we have?

regards,

jörn

--
Jörn Nettingsmeier

"Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law." - Douglas R. Hofstadter
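An added illustration, not part of the original post or of Lenya's code: one way to keep on-demand renderings from creating unbounded cache entries is to map every request to a small fixed set of cache keys before the lookup, and to cap the cache itself. The file-name pattern `flag-<lang>-<size>.png`, the size buckets, and the names `cache_key`, `BoundedCache` and `simulate_flood` are assumptions made for this sketch.

```python
import re
from collections import OrderedDict

# Assumed request shape (the archived URL lost its placeholders): flag-<lang>-<size>.png
REQUEST_RE = re.compile(r"^flag-([a-z]{2})-([0-9]{1,4})\.png$")
LANGS = {"en", "de", "fr", "he", "es"}    # languages listed in the post
SIZE_BUCKETS = (16, 24, 32, 48, 64, 128)  # hypothetical allowed heights in pixels

def cache_key(filename):
    """Map a requested file name to a canonical (lang, height) key, or None to reject."""
    m = REQUEST_RE.match(filename)
    if not m or m.group(1) not in LANGS:
        return None
    size = int(m.group(2))
    if size < 1 or size > SIZE_BUCKETS[-1]:
        return None
    # Round up to the next bucket; the client can scale the image down.
    return (m.group(1), next(b for b in SIZE_BUCKETS if b >= size))

class BoundedCache:
    """LRU cache with a hard entry cap; counts how often the expensive render runs."""
    def __init__(self, max_entries, render):
        self.max_entries, self.render = max_entries, render
        self.entries = OrderedDict()
        self.renders = 0

    def get(self, filename):
        key = cache_key(filename)
        if key is None:
            return None  # caller answers 404 without rendering anything
        if key in self.entries:
            self.entries.move_to_end(key)
            return self.entries[key]
        self.renders += 1
        self.entries[key] = self.render(*key)
        if len(self.entries) > self.max_entries:
            self.entries.popitem(last=False)  # evict the least recently used entry
        return self.entries[key]

def simulate_flood():
    """Constructed flood: every language requested at every height from 1 to 2000."""
    cache = BoundedCache(max_entries=30, render=lambda lang, h: f"png:{lang}:{h}")
    for lang in sorted(LANGS):
        for size in range(1, 2001):
            cache.get(f"flag-{lang}-{size}.png")
    return cache.renders, len(cache.entries)

if __name__ == "__main__":
    print(simulate_flood())
```

The 10,000 distinct requests in the simulated flood collapse to 5 languages times 6 buckets, so both the number of renders and the number of cache entries stay bounded regardless of how many sizes are requested.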