Skip to content
This repository has been archived by the owner on Apr 15, 2023. It is now read-only.

Fix pg codec DDOS vulnerability #19

Open
chotchki opened this issue Aug 21, 2021 · 0 comments
Open

Fix pg codec DDOS vulnerability #19

chotchki opened this issue Aug 21, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@chotchki
Copy link
Owner

  • The codec that parses the network traffic is pretty naive. You could make the server allocate 2GB of data for a DDOS easily.
    • We should either add state to the codec or change how it parses to produce chunked requests. That means that when the 2GB offer is reached the server can react and terminate before we accept too much data. Its a little more nuanced than that, 2GB input might be okay but we should make decisions based on users and roles.
@chotchki chotchki added the bug Something isn't working label Aug 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chotchki