On Wed, 21 Nov 2001 10:31:42 -0500, Chris McDonough <chrism@digicool.com> wrote:
Zope's http layer simply wasn't designed with this kind of robustness in mind, and it's only a small exaggeration to say that *everything* is wrong.
Maybe it wasn't designed for it, but it's being used as if it was. ;-)
mmm. I'm a bit out of touch with administrators documentation. Does it raise these issues?
Also, I'm not sure it's worth the effort. This isn't the only compelling reason for using a front-end proxy. Using a proxy makes this problem a non-issue, so why bother fixing it?
Well, I'm not sure what "it" is, yet, so I don't have a sense of the cost involved. If there is a bit of low-hanging fruit that takes away some of the brokenness, it'd be nice to put in.
I recall a couple of the details.... It collects HTTP headers in memory until the headers end. An attacker can consume all memory by sending endless headers. Additionally, it builds up the headers by appending what is read to a string. An attacker can consume all processor time by sending headers one byte at a time, since string appends are O(n*n). There were some other problems too, plus, as I mentioned, a general feeling that it wasn't designed to do this job.
It's conceivable that a proxy could tickle one of these bugs just as well as a user, no?
I'm most familiar with squid, which goes to some lengths to eliminate such silliness from the http conversation. Last time I looked at this, I was satisfied that squid was good enough for me. Of course when it comes to bugs, never say never.

Toby Dickenson
tdickenson@geminidataloggers.com
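The two header-handling problems described in the message above (unbounded buffering and repeated string appends), shown with one way to avoid them. This is an added example, not part of the original thread and not Zope's code; the class name, exception name and limit values are assumptions chosen for illustration.

```python
# Added illustration; names and limits are hypothetical, not Zope's.
MAX_HEADER_BYTES = 16 * 1024   # assumed cap on the whole header block
MAX_HEADER_LINES = 100         # assumed cap on the number of header lines


class HeaderTooLarge(Exception):
    """Peer exceeded a header limit; the caller should drop the connection."""


class BoundedHeaderCollector:
    def __init__(self, max_bytes=MAX_HEADER_BYTES, max_lines=MAX_HEADER_LINES):
        self.max_bytes = max_bytes
        self.max_lines = max_lines
        self._buf = bytearray()   # grows in place instead of copying per append
        self._scan_from = 0       # resume the terminator search, never rescan
        self.headers = None       # raw header block once complete
        self.leftover = b""       # body bytes that arrived with the last read

    def feed(self, data):
        """Add received bytes; return True once the header block is complete."""
        if self.headers is not None:
            raise ValueError("headers already complete")
        self._buf += data
        end = self._buf.find(b"\r\n\r\n", self._scan_from)
        if end == -1:
            # No terminator yet: refuse to keep buffering past the cap.
            if len(self._buf) > self.max_bytes:
                raise HeaderTooLarge("header block over %d bytes" % self.max_bytes)
            # The terminator may straddle two reads, so back up three bytes.
            self._scan_from = max(0, len(self._buf) - 3)
            return False
        if end > self.max_bytes:
            raise HeaderTooLarge("header block over %d bytes" % self.max_bytes)
        block = bytes(self._buf[:end])
        if block.count(b"\r\n") + 1 > self.max_lines:
            raise HeaderTooLarge("more than %d header lines" % self.max_lines)
        self.headers = block
        self.leftover = bytes(self._buf[end + 4:])
        self._buf = bytearray()
        return True
```

A per-connection read timeout is still needed alongside this, since the caps bound memory and CPU but not how long a slow sender can hold the socket open.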