W3C home > Mailing lists > Public > www-validator@w3.org > April 2003

Re: Self-reference possible with validation service

From: Terje Bless <link@pobox.com>
Date: Sun, 20 Apr 2003 05:51:03 +0200
To: W3C Validator <www-validator@w3.org>
cc: SteveC <steve@fractalus.com>
Message-ID: <a0106000f-1025-4F5118BF72E311D7B5DF0030657B83E8@[193.157.66.23]>

SteveC <steve@fractalus.com> wrote:

I thought I'd replied to this, but now I suddenly can't find the reply in
my archives; so just to make sure this didn't fall through the cracks...

>It appears possible to ask the validator to check itself, then check
>itself checking itself, then check itself checking itself checking
>itself and so on recursively.
>
>I tried the first 6 levels of recursion and got a roughly linearly
>increasing delay of about and extra second per recursion level. This
>makes it interesting as a DoS attack as you could cause multiple amounts
>of load on the machine for trivial increase in network traffic.
>
>I don't know if it is actually calling itself, but the increasing load
>time would seem to suggest it.

Yes, this is actually somewhat of a known issue, though it's good that you
point out that this is a potential Denial of Service issue. The problem is
that it's hard to protect against this sort of thing, at least in a
consistent and reliable manner.

I think we'll at the very least implement some fenceposts for this for
validator.w3.org, but I'm not sure I can see any reliable way to deal with
this in the general case (local installations, say).

I've logged this as Bug #204
<http://www.w3.org/Bugs/Public/show_bug.cgi?id=204>. Feel free to add
yourself to the CC list if you would like to track progress on this issue.

-- 
Now Playing "Mississippi Goddam" by "Nina Simone"",
 from the album "Feeling Good - The Very Best Of".
Received on Saturday, 19 April 2003 23:51:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:08 GMT