the stuff Coquelicot does when it thinks it is at work

Thursday, August 11, 2005

more SALT stuff

Reiner found some "bugs" (I really would like to call them "features" but I can't) in the SALT plugin. First of all, the syntax of date/time is not checked, so when a user malforms the data string (intentionally or not), the plugin hangs. This needs to be fixed, too. After receiving a reply to my query on the JBother forum, I think I'll give it a go and include my calendar widget. This should be easier for the user.

Another thing that we mentioned was a possible "overflowing user with SALT messages" - and causing his machine to run out of resources, much in the style of a denial-of-service attack. Anyone could write a simple application for abusing SALT. The problem is how to prevent this... installing filters, allowing only 5 SALTs/second, or maybe something that would enable blocking SALTs from certain users?
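One way to combine the 5 SALTs/second limit with per-user blocking, as an added example that is not code from the SALT plugin or JBother. The class name, the 1024-sender cap, and keying the limit on the bare JID (the address without its resource part) are assumptions.

```java
import java.util.*;

/** Hypothetical inbound filter for SALT messages; not JBother or SALT plugin code. */
public class SaltFilter {
    private static final int MAX_PER_SECOND = 5;  // limit suggested in the post
    private static final int MAX_TRACKED = 1024;  // assumed cap on tracked senders
    private static final class Bucket { double tokens = MAX_PER_SECOND; long lastNanos; }
    private final Set<String> blocked = new HashSet<>();
    // Access-ordered LRU map: the filter's own state stays bounded even if
    // messages arrive from a very large number of distinct senders.
    private final Map<String, Bucket> buckets =
        new LinkedHashMap<String, Bucket>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Bucket> eldest) {
                return size() > MAX_TRACKED;
            }
        };

    /** Strip the resource part so user@host/a and user@host/b share one limit. */
    static String bareJid(String jid) {
        int slash = jid.indexOf('/');
        return (slash < 0 ? jid : jid.substring(0, slash)).toLowerCase(Locale.ROOT);
    }

    public synchronized void block(String jid) { blocked.add(bareJid(jid)); }

    /** Returns true if the SALT may be shown, false if it should be dropped. */
    public synchronized boolean allow(String fromJid, long nowNanos) {
        String sender = bareJid(fromJid);
        if (blocked.contains(sender)) return false;
        Bucket b = buckets.get(sender);
        if (b == null) { b = new Bucket(); b.lastNanos = nowNanos; buckets.put(sender, b); }
        // Token bucket: refill at MAX_PER_SECOND per second, capped at the burst size.
        double elapsedSec = (nowNanos - b.lastNanos) / 1e9;
        b.tokens = Math.min(MAX_PER_SECOND, b.tokens + elapsedSec * MAX_PER_SECOND);
        b.lastNanos = nowNanos;
        if (b.tokens < 1.0) return false;
        b.tokens -= 1.0;
        return true;
    }

    public static void main(String[] args) {
        SaltFilter f = new SaltFilter();
        long t = System.nanoTime();
        int shown = 0;  // constructed burst: 100 SALTs at one instant, varying resource
        for (int i = 0; i < 100; i++) if (f.allow("flooder@example.org/r" + i, t)) shown++;
        System.out.println("shown " + shown + " of 100 burst messages");
        f.block("flooder@example.org");
        System.out.println("after block: " + f.allow("flooder@example.org/x", t + 2_000_000_000L));
    }
}
```

The check belongs before any parsing or display of the message, so that dropped SALTs cost as little as possible.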

We've found another bug right now: when a SALT is sent to the group, it is not sent to everyone; instead, n messages are sent to the first target. To be fixed.

