>>This is a classic denial-of-service which is impossible to defend against at
>>the application level.
>
> Nonsense. It's a result of a design flaw (process per connection, with the
>process assigned before the connection is validated along with a limited
>number of processes) in the application. It could be defended against at the
>application level any number of ways.

It doesn't matter if the design is one process per connection or one thread per connection. The Apache server accepts the connection and waits for data until a timer expires. If a malicious client has enough resources, it can consume all available connections until the server times them out. And then the client can try it all over again.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
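
Added example, not part of the original thread: the condition described in the reply (connections that were accepted and then hold a slot while no data arrives) can be measured from a snapshot of the server's connections. The snapshot format, the sample rows and the thresholds are constructed assumptions for illustration, not Apache output.

```python
from collections import Counter

# Constructed snapshot, one connection per line:
# source address, seconds since accept, bytes received so far.
SNAPSHOT = """\
192.0.2.10 41 0
192.0.2.10 39 0
192.0.2.10 38 0
192.0.2.10 12 0
198.51.100.7 2 412
203.0.113.5 1 0
198.51.100.9 55 8192
192.0.2.10 44 0
"""

def parse(snapshot):
    """Yield (source, age_seconds, bytes_received) per non-empty line."""
    for line in snapshot.splitlines():
        if line.strip():
            src, age, rx = line.split()
            yield src, int(age), int(rx)

def pool_usage(snapshot):
    """Return (slots in use, slots held by connections that sent nothing)."""
    conns = list(parse(snapshot))
    return len(conns), sum(1 for _, _, rx in conns if rx == 0)

def silent_holders(snapshot, max_slots, min_age=10, share=0.25):
    """Sources whose silent connections, at least min_age seconds old,
    hold at least `share` of the max_slots pool (thresholds are assumed)."""
    silent = Counter(src for src, age, rx in parse(snapshot)
                     if rx == 0 and age >= min_age)
    return {src: n for src, n in silent.items() if n >= share * max_slots}

if __name__ == "__main__":
    used, silent = pool_usage(SNAPSHOT)
    print(f"{used} slots in use, {silent} waiting on a client that sent nothing")
    print(silent_holders(SNAPSHOT, max_slots=10))
```

The pool-wide count from `pool_usage` matters as much as the per-source result, since silent connections filling the pool need not share a source address.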