Forum Search Threat


  • This topic is locked
1 reply to this topic

#1 Cataliste
  • Codex's Right Hand
  • 4662 posts

Posted 15 May 2006 - 05:27 PM

Since it has not been addressed by an Admin since the month I first found it, I am going public.

There needs to be a check in the search function requiring the Search to have a new search ID every go. If I perform a "New Topics" search, my search_id does not expire. So I can click "Go" in my browser and it will load the new results again without the 20 second limit. This performs 8 queries and through the use of an automated PERL script hosted on a webserver could bring codex to its knees via a DoS attack.

If I hosted the script on 5 servers, and executed them all at once, we are talking over 5000 queries a second. Can the mySQL database handle that? I think not.

Now fix it admins. :p

#2 Hydrogen
  • Neocodex Co-Founder
  • 22213 posts

Posted 15 May 2006 - 05:30 PM

This was fixed in the regular security updates that IPB releases.
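
The check requested in the first post, sketched as an added example; it is not part of the original thread and is not IPB's code. The class and method names and the 300-second search_id lifetime are assumptions; the 20-second cooldown is the limit named in the post.

```python
import secrets

COOLDOWN = 20.0        # seconds between searches per user (limit named in the post)
SEARCH_ID_TTL = 300.0  # assumed lifetime of a search_id before it must be re-issued


class SearchGate:
    """Hypothetical flood control covering new searches and replayed search_ids."""

    def __init__(self):
        self.last_run = {}  # user -> time of the last request that hit the database
        self.searches = {}  # search_id -> {"owner", "created", "served"}

    def _throttled(self, user, now):
        last = self.last_run.get(user)
        return last is not None and now - last < COOLDOWN

    def new_search(self, user, now):
        """Start a search. Returns (status, search_id or None)."""
        if self._throttled(user, now):
            return "throttled", None
        search_id = secrets.token_hex(16)  # unguessable, bound to its owner below
        self.searches[search_id] = {"owner": user, "created": now, "served": False}
        self.last_run[user] = now
        return "ok", search_id

    def load_results(self, user, search_id, now):
        """Load results for an existing search_id. Returns a status string."""
        entry = self.searches.get(search_id)
        if entry is None or entry["owner"] != user:
            return "unknown"
        if now - entry["created"] > SEARCH_ID_TTL:
            del self.searches[search_id]  # expired ids cannot be replayed
            return "expired"
        if not entry["served"]:
            entry["served"] = True  # first load was paid for by new_search
            return "ok"
        # The gap described in the post: a reload of the same search_id
        # re-runs the queries, so it must count against the cooldown too.
        if self._throttled(user, now):
            return "throttled"
        self.last_run[user] = now
        return "ok"
```

Time is passed in as a parameter so the behaviour can be checked deterministically; a real handler would use the server clock and persistent storage.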
