06-05-2012, 10:57 AM
[eluser]vrencianz[/eluser]
Cached pages are vulnerable to DOS attack by making the cache size as large as the host storage size is.
Take the following controller and view as example:
testview.php
Then requests like:
work and generate different cache files inside the 'cache' directory.
<b>Update</b>
This can be prevented from developer side by testing the number of segments from the url and rejecting those having more than expected. Hm.
Cached pages are vulnerable to DOS attack by making the cache size as large as the host storage size is.
Take the following controller and view as example:
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Test extends CI_Controller
{
function index()
{
$this->output->cache(60);
$this->load->view('testview');
}
}
testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>
Then requests like:
Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...
work and generate different cache files inside the 'cache' directory.
<b>Update</b>
This can be prevented from developer side by testing the number of segments from the url and rejecting those having more than expected. Hm.