[wildfly-dev] Shall we limit size of the deployment in WildFly?

Heiko W.Rupp hrupp at redhat.com
Tue Nov 3 08:30:21 EST 2015


On 3 Nov 2015, at 14:19, David M. Lloyd wrote:
> I'm pretty sure that if an attacker has permission to upload deployments
> to the server, they already essentially have control over the server.

Well, uploads can be done remotely, so this can be seen as a DoS
attack vector that does not necessarily require privileges
for (physical) access like a (remote) shell.

And then I recall there being the zip bombs where a very small
file would unzip to a huge one. This is probably nothing that
could be caught by limiting the size of the upload.

Do we know if WF continues to work when e.g. the partition for
log files or other data is full?


-- 
Registered address: Red Hat GmbH, Technopark II, Haus C,
Werner-von-Siemens-Ring 14, D-85630 Grasbrunn
Commercial register: Amtsgericht München HRB 153243
Managing directors: Charles Cachera, Michael Cunningham, Paul Hickey, Charlie Peters
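
The zip-bomb point in the message above, as an added example that is not part of the original post and not WildFly code: a guard that counts the bytes an uploaded archive actually inflates to and stops once a budget is exceeded, since the size on the wire says little about the unpacked size. The class name, the 10 MiB limit and the sample entry name are assumptions made for this illustration.

```java
import java.io.*;
import java.util.zip.*;

public class DeploymentSizeGuard {
    // Hypothetical budget for this example, not a WildFly setting.
    static final long MAX_UNPACKED_BYTES = 10L * 1024 * 1024;

    /** Streams every entry and counts inflated bytes; throws once the budget is exceeded.
     *  Sizes declared in the zip headers are ignored because the uploader controls them. */
    static long unpackedSize(InputStream upload, long maxBytes) throws IOException {
        long total = 0;
        byte[] buf = new byte[8192];
        try (ZipInputStream zin = new ZipInputStream(upload)) {
            while (zin.getNextEntry() != null) {
                int n;
                while ((n = zin.read(buf)) != -1) {
                    total += n;
                    if (total > maxBytes) {
                        throw new IOException("archive inflates past " + maxBytes + " bytes, rejecting");
                    }
                }
            }
        }
        return total;
    }

    /** Constructed sample input: a single entry of zero bytes, which DEFLATE compresses heavily. */
    static byte[] sampleArchive(int unpackedBytes) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(out)) {
            zout.putNextEntry(new ZipEntry("WEB-INF/classes/padding.bin"));
            zout.write(new byte[unpackedBytes]);
            zout.closeEntry();
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] small = sampleArchive(1024 * 1024);       // 1 MiB unpacked
        byte[] large = sampleArchive(64 * 1024 * 1024);  // 64 MiB unpacked
        System.out.println("bytes on the wire: " + small.length + " and " + large.length);
        System.out.println("small unpacks to " + unpackedSize(new ByteArrayInputStream(small), MAX_UNPACKED_BYTES));
        try {
            unpackedSize(new ByteArrayInputStream(large), MAX_UNPACKED_BYTES);
        } catch (IOException e) {
            System.out.println("large rejected: " + e.getMessage());
        }
    }
}
```

Both sample uploads are small on the wire, so an upload-size limit alone would accept them; only the inflated-byte count separates them. Archives nested inside entries are not unpacked by this check.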