Ticket #1714 (closed defect: fixed)

Opened 10 months ago

Last modified 8 months ago

Denial of service by download files from the network

Reported by: tarmo Assigned to: gabor
Priority: blocker Milestone:
Component: generic Version:
Keywords: Cc:
Time spent: 10.0h Time remaining:
Time planned:

Description

Christian points out:

The LeMill software has a DOS vector where you start downloading files from the network to bundle them up or something (Collection.py using downloadFiles function). You can't do that within a Zope request as this will cause Zope to hang up all threads when the other side of the network request is slow. This happened just now and I only could get the software to work again by disabling the function that causes this.

So someone should check this out urgently.

Change History

03/20/08 01:37:53 changed by gabor

  • owner changed from anonymous to gabor.
  • status changed from new to assigned.

03/25/08 15:26:46 changed by gabor

  • tt_spent set to 10.0h.

(In [2360]) ref #1714 spent 10h Replaced openURL calls with restrictedTraverse calls. Everything seem to be working except for the rss.gif file which isn't that important. If no other problems will arise this ticket can be closed.

05/12/08 17:34:30 changed by jukka

  • status changed from assigned to closed.
  • resolution set to fixed.

No-one has complained about uploading problems for a long time. I'll close this.