httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Wed, 14 Jan 1998 22:59:43 GMT
On Wed, 14 Jan 1998, Brian Behlendorf wrote:

> I'm not yet ready to throw in the towel and say "we can't protect against
> internal users causing the machine to slow to a crawl and die" - I think we
> can take each case, especially the really cute ones like this, and do some
> sort of workaround.

Sure.  Let me know when you stop enumerating all the cases and I'll
wish you luck doing anything about it because most group members
will be dead by then.  <g>

While I support putting reasonable fixes in place that can eliminate
the most easily exploited problems, going case by case simply 
isn't practical.  Buffer overflows can be systematically checked in 
most cases.  "resource usage" isn't that easy.


Mime
View raw message