ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maarten Coene (JIRA)" <j...@apache.org>
Subject [jira] Commented: (IVY-854) Evil behavior form resolve latest.status: performs DOS attacks
Date Wed, 23 Jul 2008 22:10:31 GMT

    [ https://issues.apache.org/jira/browse/IVY-854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12616279#action_12616279
] 

Maarten Coene commented on IVY-854:
-----------------------------------

I've committed a new version of HttpClientHandler.java into SVN trunk.
Could you test it to see if it makes a difference?

> Evil behavior form resolve latest.status: performs DOS attacks
> --------------------------------------------------------------
>
>                 Key: IVY-854
>                 URL: https://issues.apache.org/jira/browse/IVY-854
>             Project: Ivy
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.0-beta-2
>         Environment: windows xp sp2, linux fedora core 9, running Ivy repository through
http for remote resolving and Hudson CI server (publishing to the repo).
>            Reporter: Hans Lund
>
> Ivy is extremely aggressive towards repositories . This can result in  
> resolving fails, even towards a healthy repository. 
> The symptom:
> [ivy:resolve] 01-07-2008 13:16:24
> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
> [ivy:resolve] INFO: I/O exception (java.net.BindException) caught when
> processing request: Address already in use: connect.
> In effect this happens when Ivy has performed a successfully DOS attack against the repository.

> This is especially a problem when having large repositories (lost of revisions) and resolve
against latest.status -> as this will fetch ivy.xml md5 and sha1 files for every revision.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message