Forums / Developer / [Ez Crew] How to stop this kind of DB flood ?! [IMPORTANT]

[Ez Crew] How to stop this kind of DB flood ?! [IMPORTANT]

Author Message

Selmah Maxim

Sunday 01 June 2003 8:29:08 am

Hi ..

[I THINK]

With small lines of js i can make ez.no DB full ( eznode_assignment table,ezcontentobject_link table, ezcontentobject_version table, maybe more tables) within minutes , i mean i some houre you will find more than 1xxxxx in 1 table !!

I think u know what result you get if someone start such flood for db !
Check the draft system, and versions system !!!

if you think it`s ok, give try, flood try .

am trying now to stop draft, versions for users,editors, and maybe also for admin, this must be option for site owner i think .

if what am talking about is crap, then sorry for your time !

Björn [email protected]

Sunday 01 June 2003 3:48:02 pm

Hi Selma,

I recommend this book.

http://www.amazon.com/exec/obidos/tg/detail/-/0194314561/ref=pd_sim_books_3/002-7599755-3522407?v=glance&s=books

You might need it for futher discussions on certain topics.

It is good that you are aware of certain security issues of web-based software. Those kind and similar kinds of DOS attacks are possible with a lot of common web-based software. You can try to tear down all of them, if this is the point of your existance.

Björn Dieding

Looking for a new job? http://www.xrow.com/xrow-GmbH/Jobs
Looking for hosting? http://hostingezpublish.com
-----------------------------------------------------------------------------
GMT +01:00 Hannover, Germany
Web: http://www.xrow.com/

Selmah Maxim

Monday 02 June 2003 1:06:20 am

Ohh ... thx for this recommendation ;)

But am feeling well with my english grammar , and am not interested to learn more than this, coz i feel good with knowledge 4 language, plus the english, and it`s the most difficulty language in world (Hungarian,Hebrew,arabic,turkish) ... just try to learn 1 of them, then come with ur recommendation !!

The point is that u understand what am talking about (maybe), and the and still the solution waiting !

btw ... did u read the therad topic ,,, is was Ez crew, ez programmers !

Bård Farstad

Monday 02 June 2003 1:32:08 am

There is a potential db flood with eZ publish, you're right about that. However you can lock this down by saying that anonymous users are not allowed to create any objects.

You can also lock down specific modules/functions in eZ publish to set up a site which does not allow for anything but read access.

-bård

Documentation: http://ez.no/doc

Selmah Maxim

Monday 02 June 2003 1:38:48 am

Hi ..

I know this solution, but the better if we can lock down the draft system and versions for users.

I had made some section which request registered users, and if user have account he can flood also the DB with his account, he can make alot of drafts and copies of his account !

Can we stop the draft system and veriosns for users, from ini files ?