ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans Lund (JIRA)" <j...@apache.org>
Subject [jira] Created: (IVY-854) Evil behavior form resolve latest.status: performs DOS attacks
Date Fri, 04 Jul 2008 09:41:49 GMT
Evil behavior form resolve latest.status: performs DOS attacks
--------------------------------------------------------------

                 Key: IVY-854
                 URL: https://issues.apache.org/jira/browse/IVY-854
             Project: Ivy
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.0.0-beta-2
         Environment: windows xp sp2, linux fedora core 9, running Ivy repository through
http for remote resolving and Hudson CI server (publishing to the repo).
            Reporter: Hans Lund


Ivy is extremely aggressive towards repositories . This can result in  
resolving fails, even towards a healthy repository. 

The symptom:

[ivy:resolve] 01-07-2008 13:16:24
org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
[ivy:resolve] INFO: I/O exception (java.net.BindException) caught when
processing request: Address already in use: connect.

In effect this happens when Ivy has performed a successfully DOS attack against the repository.


This is especially a problem when having large repositories (lost of revisions) and resolve
against latest.status -> as this will fetch ivy.xml md5 and sha1 files for every revision.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message