Changes between Version 3 and Version 4 of Ticket #2192
- Timestamp:
- 2014-03-07T12:17:26Z (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #2192 – Description
v3 v4 1 A malicious cloud service could easily cause a DoS against the storage server using some of the attacks described in [https://pypi.python.org/pypi/defusedxml/]. This is not a particularly serious attack as long as one storage server is associated with each cloud service and that server is running in its own virtual machine, since then the cloud service can only affect its ownstorage server's virtual machine. OTOH, switching to a library that prevents these attacks would probably be straightforward.1 A malicious cloud service could easily cause a DoS against the storage server using some of the attacks described in [https://pypi.python.org/pypi/defusedxml/]. This is not a particularly serious attack as long as one storage server is associated with each cloud service and that server is running in its own virtual machine, since then the cloud service can only affect its associated storage server's virtual machine. OTOH, switching to a library that prevents these attacks would probably be straightforward.
