Security: Prevent or Mitigate Denial-Of-Service Attacks via plug-in code #32

Open
scalatron opened this issue May 7, 2012 · 1 comment

@scalatron
Owner

Time Estimate: a few hours.

Difficulty: Medium

Motivation: Any bot can simply use a while(true) {} to hang the tournament loop. This is acceptable in (relatively) trusted environments, such as hack-a-thons. Less ideal for systems that students are supposed to hack on at universities or schools. Completely unacceptable for a future web-hostable version of Scalatron.

How to Implement:

  • Introduce a timeout on Akka Futures
  • Disable plug-in on timeout violation
  • Experiment with Thread.stop() to kill the plug-ins
@scalatron
Owner Author

As a temporary solution, there is now a global timeout across all bots in 1.0.0.2 if the server is run with "-secure yes", but this is insufficient: we need per-bot timeouts, subsequent disabling of bots AND Thread.stop() on the culprit thread(s). Question is pending on the Akka mailing list.
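
The per-bot timeout and disable-on-violation steps discussed in this issue, as an added example that is not Scalatron's own code. It assumes a hypothetical `Bot` trait and uses `java.util.concurrent` from the standard library in place of Akka Futures; the bots and their response strings are constructed samples.

```scala
import java.util.concurrent.{Callable, ExecutionException, Executors, ThreadFactory, TimeUnit, TimeoutException}

// Hypothetical plug-in interface for this example (not Scalatron's own API).
trait Bot { def name: String; def react(input: String): String }

// Runs one bot on its own daemon thread so that a hang is confined to that thread.
final class SandboxedBot(bot: Bot, timeoutMs: Long) {
  @volatile private var disabled = false
  private val executor = Executors.newSingleThreadExecutor(new ThreadFactory {
    def newThread(r: Runnable): Thread = {
      val t = new Thread(r, "bot-" + bot.name)
      t.setDaemon(true) // a stuck bot thread must not keep the JVM alive
      t
    }
  })

  // Some(response) on success; None if the bot is, or has just been, disabled.
  def step(input: String): Option[String] =
    if (disabled) None
    else {
      val future = executor.submit(new Callable[String] { def call(): String = bot.react(input) })
      try Some(future.get(timeoutMs, TimeUnit.MILLISECONDS))
      catch {
        case _: TimeoutException =>
          // cancel(true) only interrupts; `while (true) {}` never checks the flag and keeps spinning.
          future.cancel(true)
          disable("no response within " + timeoutMs + " ms")
        case e: ExecutionException =>
          disable("threw " + e.getCause)
      }
    }

  private def disable(reason: String): Option[String] = {
    disabled = true
    executor.shutdownNow() // no further work is scheduled for this bot
    println("disabled " + bot.name + ": " + reason)
    None
  }
}

object TimeoutDemo {
  def main(args: Array[String]): Unit = {
    // Constructed sample bots: one well-behaved, one that hangs as described in the issue.
    val good = new Bot { val name = "good"; def react(input: String): String = "Move(direction=1:0)" }
    val hang = new Bot { val name = "hang"; def react(input: String): String = { while (true) {}; "" } }
    val bots = Seq(good, hang).map(b => new SandboxedBot(b, 100L))
    for (round <- 1 to 3; b <- bots) println("round " + round + ": " + b.step("React(...)"))
  }
}
```

The tournament loop keeps running and the hanging bot is skipped after round 1, but its thread still occupies a core until the JVM exits. `Thread.stop()` is deprecated and throws `UnsupportedOperationException` on JDK 20 and later.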
