On 09/10/06 21:59, Juha Heinanen wrote:
currently there is no limit how many messages a user can have stored in silo table. this is clearly a big dos security problem that needs to be fixed.
yes, some check must be done, indeed. One can use now pike module to detect flooding, and there is an expire time for stored messages.
What you proposed cand be done via avp_db_query() from the script. You can load the count of stored messages per user in an avp and check it directly in the script.
Cheers, Daniel
i suggest to add a module parameter max_message_count or something like that. the downside is that m_store will require two db operations, but there is nothing we can do about that. comments? -- juha _______________________________________________ Devel mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/devel
_______________________________________________ Devel mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/devel
