Re: Preventing Denial of Service Attack In IPC Serialization
On Jul 4, 3:55 am, c...@mailvault.com wrote:
> Jarl has answered what you are saying numerous times. He includes
> a message size/header that applications can check to limit their
> vulnerability to such an attack. It isn't difficult to keep track
> of how many bytes remain in a message and pass that to a
> load_collection/Receive function. The function uses that to
> check the sanity of the count value that it gets.

Jarl also claimed that Jeff was "beating a dead horse", implying that
there is no problem.
Solutions aside, do you or do you not agree that, today, in 2007, 4 of
July, Boost Serialization is doing what I said we should avoid in my
OP?
Do you agree that Boost Serialization is using an implementation that
is subject to DoS as I wrote in my original post?
There are many people reading these posts who would like to know a
simple yes/no answer to this question, because they might alter their
inclination to use such a framework in the nude if the answer is
"yes".
-Le Chaud Lapin-
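
The count check described in the quoted text, sketched as an added example that is not part of the original thread and is not Boost Serialization code. The `BoundedReader` class, the `load_collection` signature, the `rejected` helper and the wire layout (a little-endian 32-bit count followed by 32-bit elements) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical reader over one received message; it tracks the bytes left.
class BoundedReader {
public:
    BoundedReader(const std::uint8_t* data, std::size_t size)
        : p_(data), left_(size) {}
    std::size_t remaining() const { return left_; }
    std::uint32_t read_u32() {
        if (left_ < 4) throw std::runtime_error("truncated message");
        std::uint32_t v = std::uint32_t(p_[0]) | (std::uint32_t(p_[1]) << 8) |
                          (std::uint32_t(p_[2]) << 16) | (std::uint32_t(p_[3]) << 24);
        p_ += 4;
        left_ -= 4;
        return v;
    }
private:
    const std::uint8_t* p_;
    std::size_t left_;
};

// Reads [count][count x u32]. The count comes from the sender, so it is
// compared with the bytes that remain before any memory is reserved:
// a message of N bytes can never make the receiver allocate more than N.
std::vector<std::uint32_t> load_collection(BoundedReader& in) {
    const std::uint32_t count = in.read_u32();
    if (count > in.remaining() / sizeof(std::uint32_t))
        throw std::length_error("element count exceeds remaining message bytes");
    std::vector<std::uint32_t> out;
    out.reserve(count);  // safe: bounded by the message size checked above
    for (std::uint32_t i = 0; i < count; ++i) out.push_back(in.read_u32());
    return out;
}

// Convenience wrapper: true if the message was refused.
bool rejected(const std::vector<std::uint8_t>& msg) {
    BoundedReader in(msg.data(), msg.size());
    try { load_collection(in); return false; }
    catch (const std::exception&) { return true; }
}
```

For variable-size elements the same comparison works with the minimum encoded size of one element in place of `sizeof(std::uint32_t)`.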