Hi Rowan,

On Thu, Apr 30, 2015 at 11:17 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

>>>> A fatal error wouldn't constitute a DoS vulnerability, would it?
>>>
>>> Attacker may inject huge ID value and/or they may simply access
>>> web sites to reach 2 billion limit, for example.
>>
>> That's not a DoS vector unless you've also done something else wrong,
>> it's just an embarrassing error like many others. A lot of the time, the DB
>> will overflow first anyway, because an SQL "int" is signed 32-bit. Hell,
>> YouTube had a 32-bit int for number of views until Gangnam Style overflowed
>> it!
>
> Not really. Primary key is out of user control almost always. However,
> suppose code allows to specify foreign key and code assumes that non
> existing foreign key results in search query failure.
>
> Current PHP: Search query failure.
> New PHP type hint: Fatal error because foreign key is out of PHP int range.
>
> If users are using type hints everywhere, it may be limited to attackers
> seeing fatal errors. If not, an attacker can succeed in a system-wide DoS
> attack by a simple operation.

I should have mentioned that I'm supposing a DBMS like SQLite here.

As we know, SQLite columns accept any value, including values beyond 64-bit int.

https://www.sqlite.org/datatype3.html

(Those who don't know "Type Affinity", please read the section)

SQLite is the most used RDBMS in the world.

MySQL supports unsigned 64-bit integers also, BTW.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
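The failure mode discussed above, as an added example that is not from the thread or from PHP itself: a typed lookup that receives an out-of-range ID straight from the request throws an uncaught TypeError (a fatal error) under PHP 7 scalar type declarations, while validating the raw value first turns the same input into an ordinary "no rows" result. It assumes the pdo_sqlite extension and the default coercive typing mode; the table, function names and the oversized ID are constructed for illustration.

```php
<?php
// Constructed in-memory SQLite table. Because of type affinity, SQLite will
// store any value in owner_id, including integers beyond PHP_INT_MAX.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER)');
$db->exec('INSERT INTO items VALUES (1, 42)');

// Typed lookup (hypothetical name). In coercive mode a numeric string outside
// PHP_INT_MIN..PHP_INT_MAX is rejected by the int declaration itself.
function findByOwner(PDO $db, int $ownerId): array
{
    $stmt = $db->prepare('SELECT id FROM items WHERE owner_id = ?');
    $stmt->execute([$ownerId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened boundary (hypothetical name): validate the raw request value before
// it reaches the typed function, so an overflowing ID behaves like a
// non-existent foreign key instead of ending the request with a fatal error.
function findByOwnerFromRequest(PDO $db, string $raw): array
{
    // FILTER_VALIDATE_INT returns false for non-numeric strings and for
    // values that do not fit in a PHP int.
    $ownerId = filter_var($raw, FILTER_VALIDATE_INT);
    if ($ownerId === false) {
        return [];
    }
    return findByOwner($db, $ownerId);
}

$huge = '99999999999999999999';  // constructed: larger than any 64-bit int

var_dump(findByOwnerFromRequest($db, '42'));   // array(1) { [0]=> int(1) }
var_dump(findByOwnerFromRequest($db, $huge));  // array(0) {}

// Passing the raw string straight into the typed function throws TypeError;
// left uncaught it is exactly the fatal error the thread describes.
try {
    findByOwner($db, $huge);
} catch (TypeError $e) {
    echo "rejected at the type declaration: " . $e->getMessage() . PHP_EOL;
}
```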