IPP Mail Archive: Re: IPP> Document Object Spec Comments...

IPP Mail Archive: Re: IPP> Document Object Spec Comments...

Re: IPP> Document Object Spec Comments... [Validate-Job for each document vs. Create-Document/Send-Data]

From: Mike Sweet (mike@easysw.com)
Date: Wed May 14 2003 - 20:56:52 EDT

  • Next message: Zehler, Peter: "RE: IPP> Document object spec Conformance ISSUES and proposals fo r Operations"

    Hastings, Tom N wrote:
    > ...
    > Why do Create-Document and Send-Data open up any more security holes
    > that Create-Job and Send-Document don't already open up? Aren't the
    > Printer defenses the same for each security hole pair? But it would
    > be good to have separate new status codes for too many Create-Jobs
    > and too many Send-Documents or Create-Documents.

    Create-Document opens up an additional security hole because there is
    an additional operation which consumes server resources. Since there
    is currently no way to tell the client that the server cannot create
    any more documents, there is no way to reliably limit the maximum
    number of outstanding documents in a job, it also opens up another
    DoS attack, i.e. the client will see any failure in the current spec
    as a reason to retry indefinitely...

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Wed May 14 2003 - 20:57:54 EDT