
Fix pg codec DDOS vulnerability

Open chotchki opened this issue 3 years ago • 0 comments

  • The codec that parses the network traffic is pretty naive. You could make the server allocate 2GB of data for a DDOS easily.
    • We should either add state to the codec or change how it parses to produce chunked requests. That means that when the 2GB offer is reached the server can react and terminate before we accept too much data. It's a little more nuanced than that, 2GB input might be okay but we should make decisions based on users and roles.

chotchki · Aug 21 '21 18:08
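A bounded frame decoder of the kind the issue asks for, as an added example that is not feophant's own code: it reads the PostgreSQL frontend message header (1-byte tag, 4-byte big-endian length that counts itself) and checks the declared length against a cap before any buffer is reserved, so a forged 2GB header is refused rather than allocated. The `MAX_MESSAGE_LEN` constant and the `Frame`/`DecodeError` types are assumptions; as the issue notes, a real cap would be chosen per user and role.

```rust
// Added example (not feophant's code): a bounded decoder for PostgreSQL
// wire-protocol frames. A frontend message is a 1-byte type tag followed by
// a 4-byte big-endian length that includes itself but not the tag. A naive
// codec allocates `len` bytes as soon as the header arrives, which lets a
// client with a forged header force a ~2 GiB allocation. Here the declared
// length is validated first, and incomplete frames stay in the input buffer
// until more bytes arrive, with nothing allocated for them in the meantime.

/// Assumed per-connection cap; a real server would derive it from user/role.
pub const MAX_MESSAGE_LEN: u32 = 1024 * 1024; // 1 MiB

#[derive(Debug, PartialEq)]
pub enum Frame {
    Incomplete,
    Message { tag: u8, body: Vec<u8> },
}

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    TooLarge { declared: u32, max: u32 },
    BadLength(u32),
}

/// Tries to decode one frame from `buf`. On success returns the frame and
/// the number of bytes consumed so the caller can drain them from its buffer.
pub fn decode_frame(buf: &[u8], max_len: u32) -> Result<(Frame, usize), DecodeError> {
    if buf.len() < 5 {
        return Ok((Frame::Incomplete, 0)); // header not yet complete
    }
    let tag = buf[0];
    let declared = u32::from_be_bytes([buf[1], buf[2], buf[3], buf[4]]);
    // The length field counts its own 4 bytes, so anything smaller is malformed.
    if declared < 4 {
        return Err(DecodeError::BadLength(declared));
    }
    // Reject before allocating: this is the check the naive codec lacks.
    if declared > max_len {
        return Err(DecodeError::TooLarge { declared, max: max_len });
    }
    let total = 1 + declared as usize; // tag + length field + body
    if buf.len() < total {
        return Ok((Frame::Incomplete, 0)); // wait for the rest of the body
    }
    let body = buf[5..total].to_vec(); // allocation happens only here, bounded by max_len
    Ok((Frame::Message { tag, body }, total))
}

fn main() {
    // Constructed forged header: tag 'Q' claiming a 2 GiB body.
    let forged = [b'Q', 0x80, 0x00, 0x00, 0x00];
    println!("{:?}", decode_frame(&forged, MAX_MESSAGE_LEN));
}
```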