Denial of Service is one well known kind of attack where a malicious client sends a large number of GET/POST requests to overwhelm the remote service. If you remember, this is how Yahoo! and a few other online brokerage services were attacked a few months ago. Use of appropriate architectural patterns could actually safeguard your website from denial of service attacks. For instance, you can provide a "Front Controller" that receives the requests, and dispatches them (RequestDispatcher, include/forward) to the actual processing engine after doing some preliminary processing. This way, the work horse(s) of your website are not directly exposed to the attack and the Front Controller can be written to detect and handle multiple requests from the same client. This will also enable load balancing and distribution so that applications can scale under varying traffic conditions. Front Controller also happens to be the darling of popular web architects. It is one inevitable architectural strategy employed by many production websites today. Other kinds of web attacks include:
Client intrusions - requesting protected resources through a GET. This can be avoided by making everything a secured resource (web-security-constraint) and providing proper URL mappings to the ones that can be exposed. Again, Front Controller can be very useful in detecting such intrusive requests and handling them appropriately.
Upload attacks - clients intentionally posting an extremely large amount of data using a GET/POST to overwhelm the service(s). Since multi-part requests can support data uploads of unlimited length, nothing stops a client (except the bandwidth restrictions) from sending gigabytes of useless data to engage the often poorly written servlet to start spinning endlessly. Again, Front Controller combined with some kind of data validation facades (such as one that inspects the size of uploaded data) can prevent this from happening.
Hope that helps!
Open Group Certified Distinguished IT Architect. Open Group Certified Master IT Architect. Sun Certified Architect (SCEA).
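As an added illustration of the Front Controller idea from the post above (example code, not the poster's own), here is a hypothetical servlet that sits in front of a protected processing engine, rejects clients that exceed a per-window request budget, refuses oversized upload bodies before the engine ever reads them, and only then forwards via RequestDispatcher. The servlet name "ProcessingEngine" and the two limits are assumptions.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical Front Controller: every public request enters here and reaches
// the real processing servlet only after the preliminary checks below.
public class FrontController extends HttpServlet {
    private static final long MAX_UPLOAD_BYTES = 2L * 1024 * 1024; // assumed limit
    private static final int MAX_REQUESTS_PER_WINDOW = 100;        // assumed limit
    private static final long WINDOW_MILLIS = 60_000L;
    private final ConcurrentHashMap<String, AtomicInteger> counts = new ConcurrentHashMap<>();
    private volatile long windowStart = System.currentTimeMillis();

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Per-client request counting (in-memory, per JVM; a cluster would need
        // shared state). Clients over budget are turned away before any work is done.
        if (!admit(req.getRemoteAddr())) {
            resp.sendError(429, "Too many requests");
            return;
        }
        // Upload check: Content-Length is client-supplied and may be absent (-1) or
        // lie, so the engine must still cap what it actually reads from the stream.
        if (req.getContentLengthLong() > MAX_UPLOAD_BYTES) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "Body too large");
            return;
        }
        // Forward to the engine by servlet name; its own URL is never exposed.
        RequestDispatcher rd = getServletContext().getNamedDispatcher("ProcessingEngine");
        if (rd == null) {
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        rd.forward(req, resp);
    }

    // Coarse fixed-window counter: resets all counts when the window expires.
    private boolean admit(String client) {
        long now = System.currentTimeMillis();
        if (now - windowStart > WINDOW_MILLIS) { counts.clear(); windowStart = now; }
        int n = counts.computeIfAbsent(client, k -> new AtomicInteger()).incrementAndGet();
        return n <= MAX_REQUESTS_PER_WINDOW;
    }
}
```

Map this servlet to the public URL patterns and leave the engine servlet unmapped (or mapped behind a security constraint) so the only path to it is the forward.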