Re: Self-reference possible with validation service

SteveC <steve@fractalus.com> wrote:

I thought I'd replied to this, but now I suddenly can't find the reply in
my archives; so just to make sure this didn't fall through the cracks...

>It appears possible to ask the validator to check itself, then check
>itself checking itself, then check itself checking itself checking
>itself and so on recursively.
>
>I tried the first 6 levels of recursion and got a roughly linearly
>increasing delay of about and extra second per recursion level. This
>makes it interesting as a DoS attack as you could cause multiple amounts
>of load on the machine for trivial increase in network traffic.
>
>I don't know if it is actually calling itself, but the increasing load
>time would seem to suggest it.

Yes, this is actually somewhat of a known issue, though it's good that you
point out that this is a potential Denial of Service issue. The problem is
that it's hard to protect against this sort of thing, at least in a
consistent and reliable manner.

I think we'll at the very least implement some fenceposts for this for
validator.w3.org, but I'm not sure I can see any reliable way to deal with
this in the general case (local installations, say).

I've logged this as Bug #204
<http://www.w3.org/Bugs/Public/show_bug.cgi?id=204>. Feel free to add
yourself to the CC list if you would like to track progress on this issue.

-- 
Now Playing "Mississippi Goddam" by "Nina Simone"",
 from the album "Feeling Good - The Very Best Of".

Received on Saturday, 19 April 2003 23:51:27 UTC