RE: [PHP] Re: [MOREINFO] How to prevent DoS on PHP script?

2008-06-23 Thread Boyd, Todd M.
 -Original Message-
 From: Michelle Konzack [mailto:[EMAIL PROTECTED]
 Sent: Saturday, June 21, 2008 8:10 AM
 To: php-general@lists.php.net
 Subject: [PHP] Re: [MOREINFO] How to prevent DoS on PHP script?
 
 Hello,
 
 I should note additionally that http password protection is not really
 an option since I have anonymous users which upload Debian Sources
 and Packages...
 
 Also the upload must work from any place in the Net, even using
 M$ ware, any webbrowser, a cellphone or whatever else...

Well, you've basically screwed yourself. No authentication and allowing
anonymous users leaves your options for securing uploads pretty
scarce. Have you considered a client-side and server-side communication
solution? I.e., Java prog to run on the client to upload the stuff
(which could generate a password based on a hash and the current time or
something) and a server-side program to receive it (that ISN'T a
webserver)?


Todd Boyd
Web Programmer




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
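
The "password based on a hash and the current time" idea from the message above, as an added PHP example that is not code from the thread. The shared secret, the 60-second window, binding the token to the file's SHA-256 and both function names are assumptions made for illustration.

```php
<?php
// Added example. SHARED_SECRET and WINDOW_SECONDS are assumed values.
const SHARED_SECRET  = 'constructed-demo-secret'; // assumption: shipped inside the upload client
const WINDOW_SECONDS = 60;                        // assumption: how long one token stays valid

// Client side: derive the token from the secret, the current time window and
// the SHA-256 of the file, so a captured token cannot be replayed for other content.
function make_upload_token(string $fileSha256, int $now): string
{
    $window = intdiv($now, WINDOW_SECONDS);
    return hash_hmac('sha256', $window . '|' . $fileSha256, SHARED_SECRET);
}

// Server side: recompute the token for the current window and its neighbours
// (to tolerate clock skew) and compare in constant time.
function verify_upload_token(string $token, string $fileSha256, int $now, int $skewWindows = 1): bool
{
    $current = intdiv($now, WINDOW_SECONDS);
    $ok = false;
    for ($w = $current - $skewWindows; $w <= $current + $skewWindows; $w++) {
        $expected = hash_hmac('sha256', $w . '|' . $fileSha256, SHARED_SECRET);
        // No early exit: every candidate window is always compared.
        $ok = hash_equals($expected, $token) || $ok;
    }
    return $ok;
}

// Constructed sample input: a fake package body and a fixed timestamp.
$payload = "Package: demo\nVersion: 1.0-1\n";
$digest  = hash('sha256', $payload);
$t0      = 1214049000;
$token   = make_upload_token($digest, $t0);

var_dump(verify_upload_token($token, $digest, $t0 + 30));            // same time window
var_dump(verify_upload_token($token, $digest, $t0 + 600));           // ten windows later
var_dump(verify_upload_token($token, hash('sha256', 'other'), $t0)); // token presented with a different file
```

Because the secret ships inside a client handed to anonymous users, anyone who extracts it can mint valid tokens; the check filters generic bots and replayed requests and is not a substitute for authentication.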



Re: [PHP] Re: [MOREINFO] How to prevent DoS on PHP script?

2008-06-21 Thread Stut

On 21 Jun 2008, at 14:10, Michelle Konzack wrote:
 I should note additionally that http password protection is not really
 an option since I have anonymous users which upload Debian Sources
 and Packages...

 Also the upload must work from any place in the Net, even using
 M$ ware, any webbrowser, a cellphone or whatever else...


If you can't protect the upload URL by giving authorised users
something then you have no chance at all. If you allow anonymous users
to do something then you allow the bad guys to do it too.

Your only hope is to do some traffic shaping on uploads but you'll
probably find that'll piss legitimate users off more than it will
people trying to abuse it.


-Stut

--
http://stut.net/
