Comment 19 for bug 1196932
Revision history for this message
| Samuel Merritt (torgomatic) wrote Re: Possibly DoS attack using object tombstones | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
Okay, so this seems like it actually constitutes a DoS attack. Ugh.
How's this sound for a proposed fix:
Make it so the object server returns 409 Conflict if you try to make something with an X-Timestamp older than the new thingy on disk. Strictly speaking, this is probably the only bit that has to be done to fix the hole. That's DELETE, PUT, and POST.
This is basically what Peter's patch does, only for more verbs.