
Web Site Attack

Ranch Hand
Posts: 110
I haven't found any material on web-site attacks.
Tell me if someone has some, or if someone has any idea.
Posts: 5782
Denial of Service is one well-known kind of attack where a malicious client sends a large number of GET/POST requests to overwhelm the remote service. If you remember, this is how Yahoo! and a few other online brokerage services were attacked a few months ago.
Use of appropriate architectural patterns could actually safeguard your website from denial of service attacks. For instance, you can provide a "Front Controller" that receives the requests and dispatches them (RequestDispatcher, include/forward) to the actual processing engine after doing some preliminary processing. This way, the workhorse(s) of your website are not directly exposed to the attack, and the Front Controller can be written to detect and handle multiple requests from the same client. This will also enable load balancing and distribution so that applications can scale under varying traffic conditions.
Front Controller also happens to be the darling of popular web architects. It is one inevitable architectural strategy employed by many production websites today.
Other kinds of web attacks include:
  • Client intrusions - requesting protected resources through a GET. This can be avoided by making everything a secured resource (web-security-constraint) and providing proper URL mappings to the ones that can be exposed. Again, Front Controller can be very useful in detecting such intrusive requests and handling them appropriately.
  • Upload attacks - clients intentionally posting an extremely large amount of data using a GET/POST to overwhelm the service(s). Since multi-part requests can support data uploads of unlimited length, nothing stops a client (except the bandwidth restrictions) from sending gigabytes of useless data to engage the often poorly written servlet to start spinning endlessly. Again, Front Controller combined with some kind of data validation facades (such as one that inspects the size of uploaded data) can prevent this from happening.

Hope that helps!
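
The two checks described in the answer above (repeated requests from one client, and upload size), sketched as a front controller servlet. This is an added example, not code from the thread; it assumes the `javax.servlet` API (Servlet 3.1 or later), and the limits, the class name and the `/engine` dispatch prefix are hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: screens each request before dispatching it to the engine.
// All limits and the "/engine" prefix are assumed values, not from the thread.
public class FrontController extends HttpServlet {
    private static final long MAX_BODY_BYTES = 1L << 20; // 1 MiB upload cap
    private static final int MAX_REQUESTS = 20;          // per client per window
    private static final long WINDOW_MS = 10_000;
    private static final int MAX_TRACKED_CLIENTS = 10_000;

    // client address -> {window start (ms), requests seen in that window}
    private final ConcurrentHashMap<String, long[]> seen = new ConcurrentHashMap<>();

    // Fixed-window counter: false once a client exceeds its request budget.
    boolean withinRate(String client, long now) {
        if (seen.size() > MAX_TRACKED_CLIENTS) {
            // Drop expired windows so the tracking table cannot grow without bound.
            seen.values().removeIf(v -> now - v[0] >= WINDOW_MS);
        }
        long[] slot = seen.compute(client, (k, v) ->
            (v == null || now - v[0] >= WINDOW_MS) ? new long[] {now, 1}
                                                   : new long[] {v[0], v[1] + 1});
        return slot[1] <= MAX_REQUESTS;
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Behind a reverse proxy getRemoteAddr() is the proxy's address.
        if (!withinRate(req.getRemoteAddr(), System.currentTimeMillis())) {
            resp.sendError(429, "Too many requests");
            return;
        }
        // Reject on the declared length, before any of the body is read.
        // Chunked bodies report -1 here, so the container's own request-size
        // limit must still be configured as the backstop.
        if (req.getContentLengthLong() > MAX_BODY_BYTES) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        String path = req.getPathInfo() == null ? "/" : req.getPathInfo();
        // Only screened requests reach the processing engine.
        req.getRequestDispatcher("/engine" + path).forward(req, resp);
    }
}
```

The resources under `/engine` also need a security constraint that blocks direct client access; otherwise requests can bypass the controller entirely.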