Re: IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]

• Previous message: Hastings, Tom N: "IPP> Document object spec Conformance ISSUES and proposals for Operati ons"
• In reply to: Hastings, Tom N: "RE: IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hastings, Tom N wrote:
> ...
> Why do Create-Document and Send-Data open up any more security holes
> that Create-Job and Send-Document don't already open up? Aren't the
> Printer defenses the same for each security hole pair? But it would
> be good to have separate new status codes for too many Create-Jobs
> and too many Send-Documents or Create-Documents.

Create-Document opens up an additional security hole because there is
an additional operation which consumes server resources. Since there
is currently no way to tell the client that the server cannot create
any more documents, there is no way to reliably limit the maximum
number of outstanding documents in a job, it also opens up another
DoS attack, i.e. the client will see any failure in the current spec
as a reason to retry indefinitely...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com

• Next message: Zehler, Peter: "RE: IPP> Document object spec Conformance ISSUES and proposals fo r Operations"
• Previous message: Hastings, Tom N: "IPP> Document object spec Conformance ISSUES and proposals for Operati ons"
• In reply to: Hastings, Tom N: "RE: IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 14 2003 - 20:57:54 EDT