On Wed, Aug 20, 2008 at 4:37 PM, Dave Watts wrote:
....
> Your main concern is not the consumption of resources as a result of an
> automated attack. That's just like any other denial of service attack,
> basically. If you can filter it out successfully, that's good for you, but
> you should be far more concerned with the results of a successful SQL
> injection attack.

Hey Dave!

Not to argue the difference between if(len())  and if(len() eq 0)... [-;)

I think DoS attacks are something to be aware of.  I shudder to think
of a million error emails, and the load that puts on multiple servers,
bandwidth, etc.

DoS attacks are one of those deals, that can cascade.  Like the Great
Black-out, of whatever year that was.  70-something?  Or like the bank
crisis of the late 90s... Eh.

Not to lessen the injection attacks, which are more likely to cause
real damage, and are more likely to expose a security hole than DoS
(but DoS can end up exposing quite a bit too, so) yeah, just wanted to
say, the layered thing seems the way to do it.

Low level, quick stuff, and high level, (most likely) slower stuff.

For a web-app developer though (no admin responsibilities), maybe it
goes like this:

1)  Sanitizing *all* user input.  GiGo.
2)  Avoid a self-imposed DoS, by things like error emails with no
throttle, emailed logs/huge logs on disk/in memory, or whatever.

Just wanted to sorta put emphasis on the fact that a DoS is still
something that's pretty bad, and *can* end up being as bad, or worse,
than injection attacks.

Just adding some emphasis, is all.  You can DoS yourself with some of
the solutions I've seen to the injection attacks.

Not that we really have to worry, right?  I'm sure we're all doing
load-testing, and part of that is testing a massive amount of errors,
right (intentional or no;)?  Right?

Hahahahaha.

*sigh* someday.  :-)

Man, how did I get here from trying to express the idea that one
attack can cascade into another kind of attack, or something like
that?  Eh. *shrug*  :-)

May your buffers never overflow,
|Den

-- 
Catch, then, O catch the transient hour; Improve each moment as it flies!
St. Jerome
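A throttled error notifier for point 2 above (error emails with no throttle), as an added example that is not from the original thread or from ColdFusion itself; it is Python with a constructed error flood, and the class, function and parameter names are assumptions of this example:

```python
import hashlib
import time

class ErrorNotifier:
    """Per-signature throttle for error e-mails: the first occurrence in a
    window is mailed, repeats are only counted and reported in one summary."""

    def __init__(self, window_seconds=300, max_per_window=1, sender=None):
        self.window = window_seconds
        self.max_per_window = max_per_window
        self.sender = sender or (lambda subject, body: None)  # wraps real mail call
        self.sent_mail = []  # (subject, body) log, inspected by simulate_flood
        self.state = {}      # signature -> (window_start, sent, suppressed)

    @staticmethod
    def signature(exc_type, template, frame):
        # Key on what failed (type, template, innermost frame), never on request
        # data, so varying a parameter cannot mint a fresh signature per request.
        raw = f"{exc_type}|{template}|{frame}".encode()
        return hashlib.sha256(raw).hexdigest()[:16]

    def _send(self, subject, body):
        self.sent_mail.append((subject, body))
        self.sender(subject, body)

    def report(self, exc_type, template, frame, detail, now=None):
        """Record one error occurrence; return 'sent' or 'suppressed'."""
        now = time.time() if now is None else now
        sig = self.signature(exc_type, template, frame)
        start, sent, suppressed = self.state.get(sig, (now, 0, 0))
        if now - start >= self.window:
            if suppressed:  # close the old window with a single summary mail
                self._send(f"[summary] {exc_type} in {template}",
                           f"{suppressed} repeat(s) suppressed since t={start}")
            start, sent, suppressed = now, 0, 0
        if sent < self.max_per_window:
            self._send(f"[error] {exc_type} in {template}", detail)
            sent, decision = sent + 1, "sent"
        else:
            suppressed, decision = suppressed + 1, "suppressed"
        self.state[sig] = (start, sent, suppressed)
        return decision

def simulate_flood(count=100_000, window_seconds=300):
    """Constructed burst of identical failures, then one more after the window."""
    n = ErrorNotifier(window_seconds=window_seconds)
    results = [n.report("database", "/search.cfm", "runQuery", "bad input", now=i / 1000)
               for i in range(count)]
    n.report("database", "/search.cfm", "runQuery", "bad input", now=window_seconds + 1000)
    return results.count("sent"), results.count("suppressed"), len(n.sent_mail)
```

Without the throttle the burst would be one hundred thousand mails; with it, three go out (the first error, one summary, and the first error of the next window).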


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311515