Re: const time authentication in bozohttpd

To: Terry Moore <tmm%mcci.com@localhost>
Subject: Re: const time authentication in bozohttpd
From: shm <shm%netbsd.org@localhost>
Date: Wed, 25 Jun 2014 14:10:03 +0000

On Wed, Jun 25, 2014 at 07:02:09AM -0500, Terry Moore wrote:
> Perhaps this is a silly comment; but wouldn't it be easier to simply time
> stamp the incoming request, and then spin for any authentication failure
> until a suitable fixed time has elapsed after the inbound arrival? Or are
> you worried about local cache-interference attacks as well?

It might be a solution, but I don't see any reasonable implementation, i.e.
it would be hard to guess how long the code will run. I'm not worried about
local cache-interference, I want to countermeasure attackers from the remote.

 Kind Regards,
 shm@

Follow-Ups:
- RE: const time authentication in bozohttpd
  - From: Terry Moore

Prev by Date: Re: sed -u option
Next by Date: Re: const time authentication in bozohttpd
Previous by Thread: Re: const time authentication in bozohttpd
Next by Thread: RE: const time authentication in bozohttpd
Indexes:

Home | Main Index | Thread Index | Old Index