Comment 46 for bug 1545092
Revision history for this message
| Hemanth Makkapati (hemanth-makkapati) wrote | #46 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Luke's note looks good to me.
Regarding image_properties and image_tags table, +1 to what Brian mentioned. But, the solution there is rate-limiting again. So, if we are recommending that people use rate-limiting in general, what Brian mentioned would be addressed with that (unless we are recommending rate-limiting specifically on image create, which we we are not. So, we should be okay).
Also, I wonder if we should mention explicitly that rate-limiting really doesn't eliminate the attack mentioned here. It only slows it down.