IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]

IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]

Mike Sweet mike at easysw.com
Wed May 14 20:56:52 EDT 2003


Hastings, Tom N wrote:
 > ...
> Why do Create-Document and Send-Data open up any more security holes
> that Create-Job and Send-Document don't already open up?  Aren't the
> Printer defenses the same for each security hole pair?  But it would
> be good to have separate new status codes for too many Create-Jobs
> and too many Send-Documents or Create-Documents.

Create-Document opens up an additional security hole because there is
an additional operation which consumes server resources.  Since there
is currently no way to tell the client that the server cannot create
any more documents, there is no way to reliably limit the maximum
number of outstanding documents in a job, it also opens up another
DoS attack, i.e. the client will see any failure in the current spec
as a reason to retry indefinitely...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com




More information about the Ipp mailing list