ID: 14707
Updated by: daniel
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Scripting Engine problem
Operating System: Any OS, any PHP version
PHP Version: 4.1.0
New Comment:
I already told you by private mail, sorin, that this is the
responsibility of the PROGRAMMER, not the language itself. your request
sounds like "please remove unlink() from PHP, it allows people to
destroy data". It's YOUR responsibility to develop a site structure
which doesn't take down your whole server just because more than 10
people visit it at the same time.
Feel free to discuss this topic with me privately. It doesn't belong
here at all.
Kind Regards,
Daniel Lorch
Previous Comments:
------------------------------------------------------------------------
[2002-01-12 18:24:14] [EMAIL PROTECTED]
By "limiting the amount of connections for an IP" as you said is NOT a
solution. Let's say my script intergogates a database or open a file on
the web like $a=file("http://example.com/news.txt";); then if you set
the maximum no. of connections and my site has many visitors (several a
sec), then your solution is not reliable. I belive a better solution is
the one above, plus even if you set the max no of connections to 2, I
can make the script above run forever in 2 instances, even if you close
your browser and maximum execution time is only one sec. Just tested
it.
Sorin Facaoaru - Sorin Media Inc.
------------------------------------------------------------------------
[2002-01-12 16:19:28] [EMAIL PROTECTED]
You must design the PHP scripting language in such way so everytime a
script ends (naturaly or forced), the PHP server must close all open
socket connections of the ending script by sending a TCP closing
request (FIN) to every opened socket. Also, the server administrator
should have the power to set the maximum simultaneous socket
connections for each server account.
Sorin Facaoaru - Sorin Media Inc.
------------------------------------------------------------------------
[2001-12-26 19:08:07] [EMAIL PROTECTED]
here's another discovery:
while(true)
mail("[EMAIL PROTECTED]", "this is a mailbomb", "blub");
------------------------------------------------------------------------
[2001-12-26 19:06:19] [EMAIL PROTECTED]
I forgot to /bogus
------------------------------------------------------------------------
[2001-12-26 19:04:23] [EMAIL PROTECTED]
well, DoS is nothing new. thanks for re-descovering it. this is not a
PHP bug (same problem applies to virtually any language: C, Python,
Perl ..). it's a general security issue. you might solve it by limiting
the amount of connections for an IP.
Kind Regards,
Daniel Lorch
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=14707
Edit this bug report at http://bugs.php.net/?id=14707&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
