Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Can A Web Site Be Reliably Defended Against DoS Attacks?
 Dare Obasanjo wrote: > how would you solve the problem exploited by > this current virus on any one of the popular operating systems existing > today? You serious? You want me to solve one of the Internet's biggest problems, when the world's largest software company hasn't been able to do so? Wow, such faith you have in me, it's humbling. :) Anyhow, here's a couple of ideas. They don't solve the problem of how you get all those customers who are new screwed by the original crappy versions to upgrade. 1. The only thing you can do with an email attachment is SAVE it. That probably meets the 80/20 rule. 2. Provide separate executables that are viewer-only versions of the Office Suite. (Don't use the standard program with a flag as that's susceptible to stack-smash attacks. If the code isn't in the executable, it can't be run. Along those lines, use a special version of LoadDLL that limits where it will load from) Ensure attachments can only run those programs. Make it extensible, by providng an "Attachment Exectuables" directory, and let others add programs into there. Prior art: http://research.sun.com/research/techrep/1997/abstract-60.html I think I created the concept -- I should have filed a patent. :) /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
