- From: Terje Bless <link@pobox.com>
- Date: Sun, 20 Apr 2003 05:51:03 +0200
- To: W3C Validator <www-validator@w3.org>
- cc: SteveC <steve@fractalus.com>
SteveC <steve@fractalus.com> wrote: I thought I'd replied to this, but now I suddenly can't find the reply in my archives; so just to make sure this didn't fall through the cracks... >It appears possible to ask the validator to check itself, then check >itself checking itself, then check itself checking itself checking >itself and so on recursively. > >I tried the first 6 levels of recursion and got a roughly linearly >increasing delay of about and extra second per recursion level. This >makes it interesting as a DoS attack as you could cause multiple amounts >of load on the machine for trivial increase in network traffic. > >I don't know if it is actually calling itself, but the increasing load >time would seem to suggest it. Yes, this is actually somewhat of a known issue, though it's good that you point out that this is a potential Denial of Service issue. The problem is that it's hard to protect against this sort of thing, at least in a consistent and reliable manner. I think we'll at the very least implement some fenceposts for this for validator.w3.org, but I'm not sure I can see any reliable way to deal with this in the general case (local installations, say). I've logged this as Bug #204 <http://www.w3.org/Bugs/Public/show_bug.cgi?id=204>. Feel free to add yourself to the CC list if you would like to track progress on this issue. -- Now Playing "Mississippi Goddam" by "Nina Simone"", from the album "Feeling Good - The Very Best Of".
Received on Saturday, 19 April 2003 23:51:27 UTC