[tahoe-lafs-trac-stream] [tahoe-lafs] #2192: cloud backend: denial of service attacks against XML parser
tahoe-lafs
trac at tahoe-lafs.org
Mon Feb 17 00:06:11 UTC 2014
#2192: cloud backend: denial of service attacks against XML parser
--------------------------------+------------------------------
Reporter: daira | Owner: daira
Type: defect | Status: new
Priority: minor | Milestone: undecided
Component: code-storage | Version: cloud-branch
Keywords: DoS cloud security | Launchpad Bug:
--------------------------------+------------------------------
A malicious cloud service could easily cause a DoS against the storage
server using some of the attacks described in
[https://pypi.python.org/pypi/defusedxml/]. This is not a particularly
serious attack as long as one storage server is associated with each cloud
service and that server is running in its own virtual machine, since then
the cloud service can only affect its own storage server. OTOH, switching
to a library that prevents these attacks would probably be
straightforward.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2192>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
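
One way to apply the mitigation the ticket suggests, as an added example that is not Tahoe-LAFS code: a parser for an untrusted cloud response that refuses DTDs and entity declarations, which are the constructs behind the entity-expansion attacks the defusedxml page describes. It uses the standard-library expat binding rather than defusedxml itself; the element names, sample responses and the size cap are assumptions made for the example.

```python
import xml.parsers.expat as expat

class ForbiddenXML(ValueError):
    """The response used an XML feature this parser refuses to process."""

def parse_list_keys(xml_bytes, max_bytes=1 << 20):
    """Return the text of every <Key> element, rejecting DTDs and entities."""
    if len(xml_bytes) > max_bytes:  # assumed cap on response size
        raise ForbiddenXML("response larger than %d bytes" % max_bytes)
    keys, buf = [], None

    def start(name, attrs):
        nonlocal buf
        if name == "Key":
            buf = []

    def chars(data):  # may be called several times per text node
        if buf is not None:
            buf.append(data)

    def end(name):
        nonlocal buf
        if name == "Key" and buf is not None:
            keys.append("".join(buf))
            buf = None

    # Stricter than defusedxml's defaults: any DOCTYPE is rejected outright.
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration: %r" % name)

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration: %r" % name)

    def forbid_external(context, base, sysid, pubid):
        raise ForbiddenXML("external entity reference: %r" % sysid)

    p = expat.ParserCreate()
    p.StartElementHandler, p.EndElementHandler = start, end
    p.CharacterDataHandler = chars
    p.StartDoctypeDeclHandler = forbid_doctype
    p.EntityDeclHandler = forbid_entity
    p.ExternalEntityRefHandler = forbid_external
    p.Parse(xml_bytes, True)  # exceptions raised in handlers propagate
    return keys

# Constructed sample responses (hypothetical bucket-listing format).
BENIGN = (b'<?xml version="1.0"?><ListBucketResult>'
          b'<Contents><Key>shares/aa/0</Key></Contents>'
          b'<Contents><Key>shares/ab/1</Key></Contents></ListBucketResult>')
WITH_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa">]>'
               b'<ListBucketResult><Contents><Key>&a;</Key></Contents>'
               b'</ListBucketResult>')
```
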