Progress and some thoughts
meepbear at hotmail.com
Wed Jun 22 12:07:56 PDT 2005
>Regardless of all this, I don't really see how it can be avoided. The
>impact should be minimal anyway.
I was just considering the implications of connecting to a user supplied URL
that you can't possibly know is legitimate or not and two things came to
mind which was either feed it URLs that perform an action on behalf of the
user, or repeatedly POST stalling URLs. Even if the script instances aren't
doing anything, they still need memory to run, but it is obscure I agree
with that :).
The first worries me a lot more than the second anyway. Even if I keep
consumer logs and regularly check for any suspicious claimed id URLs, I'd
have to tell my host about it since their server's IP will be showing up on
the attacked site and I doubt they'd allow me to keep it running for it to
happen a second time.
Free blogging with MSN Spaces http://spaces.msn.com/?mkt=nl-be
More information about the yadis