[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Data Haven problems
-----BEGIN PGP SIGNED MESSAGE-----
While programming my data haven code, I am wondering how to guard against
spamming the data haven parser. It is trivial to mount a denial of
service attack by repeatedly mailing large files. which will fill up the
quota or filesystem of the data haven host, and if you have mail on a
root partition, will cause hangs or crashes.
Any ideas on how to guard against mailbombs, and to confirm to the sender
that their files are stored successfully? Perhaps do a mailing with
a test command that validates the existance of the file, and sends a
reply back wether the file is okay or not, or would this result in a
possible security hole?
As to the code, this will have to be my second rewrite as I am going to
do it in perl code, rather than C... last rewrite was from a daemon to
a program activated by a .forward file.
Lastly, instead of postage (like a remailer would get), how hard would it
be to implement "rent" where if the "rent" is not paid, and a grace period
has elapsed the file would be trashed. All this while preserving the
anonymity of the sender and the data haven site.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----