I want to emulate a trap URL to test the OpenID stuff. The real world case is someone using a malicious OpenID URI which would effectively be a DoS against the OpenID consumer site by tying up processes (and bandwidth in a real attack). They'd go to initiate the OpenID transfers with the malicious URI and get stuck waiting and downloading huge amounts of "data."

I guess I can just do something like-

sub tarpit : Global {
    my ( $self, $c ) = @_;
    # Autoflush output ($| is the autoflush variable; $/ is the input record separator).
    local $| = 1;
    $c->response->content_type("text/html");
    # Expect an arbitrary, biggish amount of content; it's a lie.
    $c->response->headers->header("Content-length" => 1_024 * 1_000);
    # Send content forever, slowly.
    sleep 1 && $c->response->write("sucker\n") while 1;
}

So, my question for y'all is: How does that look? Better ideas? Is that close to a real world (operationally) case?

-Ashley
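
The consumer-side behaviour this tarpit is meant to exercise is a fetch that stops on a byte cap and a wall-clock deadline instead of trusting Content-Length or a per-read timeout. The following is an added example, not part of the original post; fetch_bounded, the two limits and the localhost URL are assumptions.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use Time::HiRes qw(time);

# Assumed budgets: discovery documents are small and should arrive quickly.
my $MAX_BYTES   = 64 * 1024;
my $MAX_SECONDS = 10;

sub fetch_bounded {
    my ($url) = @_;
    my $ua = LWP::UserAgent->new(
        timeout           => 5,   # inactivity only; a 1 s drip never trips it
        max_redirect      => 3,
        protocols_allowed => [ 'http', 'https' ],
    );
    my $deadline = time() + $MAX_SECONDS;    # one budget for all redirect hops
    my ( $body, $current ) = ( '', 0 );

    my $res = $ua->get(
        $url,
        ':read_size_hint' => 4096,
        ':content_cb'     => sub {
            my ( $chunk, $response ) = @_;
            # Start over when a redirect hop delivers a new response object.
            ( $body, $current ) = ( '', $response ) if $current != $response;
            # Checked per chunk, so the declared Content-Length is never trusted.
            die "time budget exceeded\n" if time() > $deadline;
            die "size budget exceeded\n"
                if length($body) + length($chunk) > $MAX_BYTES;
            $body .= $chunk;
        },
    );

    # LWP records a die() from the callback in the X-Died response header.
    if ( my $why = $res->header('X-Died') ) {
        chomp $why;
        return ( undef, "aborted: $why" );
    }
    return ( undef, 'fetch failed: ' . $res->status_line ) unless $res->is_success;
    return ( $body, undef );
}

# Hypothetical URL: the tarpit action on a local Catalyst test server.
my ( $body, $err ) = fetch_bounded( $ARGV[0] // 'http://localhost:3000/tarpit' );
print defined $body ? 'ok, ' . length($body) . " bytes\n" : "$err\n";
```

The callback only runs once body data arrives, so a server that stalls while sending headers is bounded only by the inactivity timeout; wrapping the call in alarm is one way to cap that phase too.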


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
