[Devel] msilo dos

Daniel-Constantin Mierla daniel at voice-system.ro
Mon Sep 11 09:24:37 CEST 2006



On 09/10/06 21:59, Juha Heinanen wrote:
> currently there is no limit how many messages a user can have stored in
> silo table.  this is clearly a big dos security problem that needs to be
> fixed.
>   

Yes, some check must be done, indeed. One can now use the pike module to
detect flooding, and there is an expire time for stored messages.

What you proposed can be done via avp_db_query() from the script. You
can load the count of stored messages per user in an avp and check it
directly in the script.

Cheers,
Daniel

> i suggest to add a module parameter max_message_count or something like
> that.  the downside is that m_store will require two db operations, but
> there is nothing we can do about that.
>
> comments?
>
> -- juha
>
>
>
>   
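
The per-user limit discussed in this thread, modelled as an added Python/sqlite3 example (not OpenSER or msilo code, and not written by either poster). The reduced table layout, the function names and the limit of 3 are assumptions made for the illustration; only the name max_message_count comes from the proposal above.

```python
import sqlite3

MAX_MESSAGE_COUNT = 3  # constructed value; the thread proposes the parameter, not a number


def open_silo():
    """In-memory stand-in for the silo table (reduced, assumed column set)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    conn.execute(
        "CREATE TABLE silo (id INTEGER PRIMARY KEY, username TEXT, domain TEXT,"
        " exp_time INTEGER, body TEXT)"
    )
    return conn


def store_message(conn, username, domain, body, now, ttl=3600,
                  max_count=MAX_MESSAGE_COUNT):
    """Store one offline message unless the recipient is at quota.

    Returns True if stored, False if rejected. The COUNT and the INSERT are
    the two DB operations the proposal mentions; BEGIN IMMEDIATE takes the
    write lock first so two concurrent senders cannot both pass the check.
    """
    conn.execute("BEGIN IMMEDIATE")
    try:
        # Expired rows must not count against the recipient's quota.
        conn.execute("DELETE FROM silo WHERE exp_time <= ?", (now,))
        # The user part comes from the SIP request, so it is bound as a
        # parameter and never concatenated into the SQL text.
        (count,) = conn.execute(
            "SELECT COUNT(*) FROM silo WHERE username = ? AND domain = ?",
            (username, domain),
        ).fetchone()
        stored = count < max_count
        if stored:
            conn.execute(
                "INSERT INTO silo (username, domain, exp_time, body)"
                " VALUES (?, ?, ?, ?)",
                (username, domain, now + ttl, body),
            )
        conn.execute("COMMIT")  # keeps the expiry cleanup even on rejection
        return stored
    except Exception:
        conn.execute("ROLLBACK")
        raise
```
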


