Main » 2011 » March » 16 » Disk full
Disk full
Category: Design
Because of insufficient input validation or poorly organized caching, an attacker can fill a database or disk with useless data, which slows the system down and, in the extreme case, breaks it.
  1. Useless requests. This method is a special case of a DDoS attack: the attacker places code on a site (or uses XSS to place it) that submits the feedback form or poll, or simply requests the URL automatically. As a result, the site's database or hard drive fills up with data (which, on top of everything else, destroys the reliability of the poll and disorganizes the feedback desk). Mitigated by adding tokens or, in severe cases, a CAPTCHA (which can be switched on automatically when requests arrive very often).
  2. Cache growth. The results of complex queries are usually cached (stored on disk or in memory to save resources), and the cache is keyed on the input request. If the input is not validated well enough, extra parameters can be supplied to create duplicate cache entries. On the one hand this fills disk and memory; on the other it cancels out the benefit of the cache (so it can be regarded as a special case of DoS).
    Solved by stricter validation of the data before caching or before querying the cache.
If you like to key the cache on the query string, be aware that someone malicious can pollute your cache by supplying any silly parameters and, along the way, DoS the site.
A special case is the previously described missing cast to integer: "001" and "1" are the same number but different strings, so /\d+/ is a so-so check, while /^[1-9]\d*$/ is a good one.
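An added example (not from the original post) of the stricter validation described in point 2 and the two paragraphs above: the cache key is built only from an allowlist of parameters, integers are checked with the /^[1-9]\d*$/ pattern, and the cache has a hard size limit. The parameter names id, page and sort, the 1000-entry limit and the helper names are assumptions made for the illustration.

```python
import re
from collections import OrderedDict
from urllib.parse import parse_qsl

# The page's /^[1-9]\d*$/ applied with fullmatch(): Python's "$" would also
# accept a trailing newline, and re.ASCII keeps \d to the digits 0-9.
POSITIVE_INT = re.compile(r"[1-9]\d*", re.ASCII)
# Hypothetical allowlist: parameter name -> pattern its value must match.
ALLOWED = {"id": POSITIVE_INT, "page": POSITIVE_INT,
           "sort": re.compile(r"date|rating")}
MAX_ENTRIES = 1000  # assumed cap so the cache cannot grow without bound


def cache_key(query_string):
    """Return a canonical cache key, or None if the query must be rejected."""
    params = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if name not in ALLOWED:
            continue                 # junk parameters never reach the key
        if name in params or not ALLOWED[name].fullmatch(value):
            return None              # duplicate or malformed value ("001")
        params[name] = value
    if "id" not in params:
        return None
    return "&".join(f"{k}={params[k]}" for k in sorted(params))


class BoundedCache:
    """LRU cache keyed on the canonical key, with a hard entry limit."""

    def __init__(self, max_entries=MAX_ENTRIES):
        self.max_entries = max_entries
        self.items = OrderedDict()

    def get_or_compute(self, query_string, compute):
        key = cache_key(query_string)
        if key is None:
            raise ValueError("invalid query")  # rejected before any work
        if key in self.items:
            self.items.move_to_end(key)
            return self.items[key]
        value = compute(key)
        self.items[key] = value
        if len(self.items) > self.max_entries:
            self.items.popitem(last=False)     # evict least recently used
        return value
```

Queries that differ only in unknown parameters or parameter order map to one entry, so padding the URL no longer creates new cache entries or forces recomputation.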
Also, before you start reading something, make sure you are able to read it. A company that had begun scanning files for viruses once ran into this problem: a seemingly small archive can, on occasion, contain several terabytes of zeros (probably a tall tale, but it gives pause for thought).
The site Vkontakte once decided to play a prank and put on its page an invisible iframe leading to a casual games site, which left that site feeling rather unwell. Strictly speaking this cute stunt is closer to DDoS, but it is worth mentioning.
Added by: w1zard