Welcome Guest, Not a member yet? Register   Sign In
DOS attack possibility on cached pages
#1

[eluser]vrencianz[/eluser]
Cached pages are vulnerable to DOS attack by making the cache size as large as the host storage size is.

Take the following controller and view as example:

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Test extends CI_Controller
{
function index()
{
  $this->output->cache(60);
  
  $this->load->view('testview');
}
}


testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>

Then requests like:

Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...

work and generate different cache files inside the 'cache' directory.

<b>Update</b>

This can be prevented from developer side by testing the number of segments from the url and rejecting those having more than expected. Hm.


Messages In This Thread
DOS attack possibility on cached pages - by El Forum - 06-05-2012, 10:57 AM
DOS attack possibility on cached pages - by El Forum - 06-10-2012, 09:49 AM



Theme © iAndrew 2016 - Forum software by © MyBB