Progress and some thoughts

meepbear * meepbear at
Wed Jun 22 12:07:56 PDT 2005

>Regardless of all this, I don't really see how it can be avoided. The
>impact should be minimal anyway.
I was just considering the implications of connecting to a user supplied URL 
that you can't possibly know is legitimate or not and two things came to 
mind which was either feed it URLs that perform an action on behalf of the 
user, or repeatedly POST stalling URLs. Even if the script instances aren't 
doing anything, they still need memory to run, but it is obscure I agree 
with that :).

The first worries me a lot more than the second anyway. Even if I keep 
consumer logs and regularly check for any suspicious claimed id URLs, I'd 
have to tell my host about it since their server's IP will be showing up on 
the attacked site and I doubt they'd allow me to keep it running for it to 
happen a second time.

Free blogging with MSN Spaces

More information about the yadis mailing list