tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54076] SPNEGO authenticator's stateless-ness leads to a DoS with stateful clients
Date Tue, 30 Oct 2012 16:34:59 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076

--- Comment #1 from Mark Thomas <markt@apache.org> ---
Is that really a DoS (in that the server is unavailable to other clients) or do
you mean that the client gets stuck in an infinite loop?

For a DoS, the resources used by Tomcat need to be out of proportion to the
number of requests. i.e. If a client just sending a request again and again
uses roughly the same server resources as this case then it is not a DoS. The
report does not (at this point) sound like a DoS.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message