Remote recursion - security flaw or just annoyance?
Posted: Wed Nov 07, 2007 3:57 am
Assume you have a section in your code which can (under rare circumstances) potentially be used to cause recursion on your server until the script times out. Is this a security flaw or something not worth worrying about?
The only reason I haven't fixed it is because the fix is hackish in nature and the only way to prevent this exploit from happening at the code level.
Do you hack it in order to patch it up or leave it up to the system to handle these rare circumstances?