[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Can A Web Site Be Reliably Defended Against DoS Attacks?


how to solve dos attacks
Dare Obasanjo wrote:
> how would you solve the problem exploited by
> this current virus on any one of the popular operating systems existing
> today?

You serious?  You want me to solve one of the Internet's biggest 
problems, when the world's largest software company hasn't been able to 
do so?  Wow, such faith you have in me, it's humbling. :)

Anyhow, here's a couple of ideas.  They don't solve the problem of how 
you get all those customers who are new screwed by the original crappy 
versions to upgrade.

1.  The only thing you can do with an email attachment is SAVE it. That 
probably meets the 80/20 rule.

2.  Provide separate executables that are viewer-only versions of the 
Office Suite.  (Don't use the standard program with a flag as that's 
susceptible to stack-smash attacks.  If the code isn't in the 
executable, it can't be run.  Along those lines, use a special version 
of LoadDLL that limits where it will load from)  Ensure attachments can 
only run those programs.  Make it extensible, by providng an "Attachment 
Exectuables" directory, and let others add programs into there.

Prior art: http://research.sun.com/research/techrep/1997/abstract-60.html
I think I created the concept -- I should have filed a patent. :)

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.