Skip to content

Denial of service: requesting an export of non-existent pages #80

Closed
dandv opened this Issue Jul 9, 2011 · 0 comments

1 participant

@dandv
MojoMojo member
dandv commented Jul 9, 2011

Requesting /nonexistent-page fails as expected.

Requesting /nonexistent-page.export_html times uses up 100% CPU until the gateway times out. It's trivial to DOS the server this way.

@dandv dandv added a commit that referenced this issue Jul 16, 2011
@dandv dandv Prevent most actions from being run on non-existent pages (allow only…
… login/logout/register/recover_pass, and 'edit' to create the non-existent page). Fixes issue #36 and issue #80.
e687be3
@dandv dandv closed this Jul 21, 2011
@envi envi added a commit to envi/mojomojo that referenced this issue Aug 27, 2011
@dandv dandv Prevent most actions from being run on non-existent pages (allow only…
… login/logout/register/recover_pass, and 'edit' to create the non-existent page). Fixes issue #36 and issue #80.
ffa8e61
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.