I just noticed this post on the Google Operating System blog that shows how to back up your Blogspot-hosted blog. It basically lets you run a query like this:
http://ebersys.blogspot.com/search?max-results=N
which retrieves N posts from that blog.
But what if the bad guys decide to use that and query a bunch of Blogspot pages all at the same time? That would be a lot of data coming from the Google servers. I just tried this one:
http://googlesystem.blogspot.com/search?max-results=2000
and it took quite a while to download.
The fix would be easy: they can put restrictions on who can run the query, for example require that the Blogspot user is authenticated and only allow the query to run on that user's own blog.
Unless Google doesn't care and can handle that just fine; we'll see.
As a general rule, unless you are part of Google, don't allow your users to run queries that return all the rows in your tables. It is not a good thing.
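A sketch of that fix as server-side logic, added here as an example and not taken from Blogger or the original post: the client's `max-results` is treated as a request, clamped to a ceiling, and only the authenticated owner of the blog gets the larger backup ceiling. The limit values, the function names and the `blog.example` host are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Assumed limits for illustration; not Blogger's real values.
DEFAULT_RESULTS = 10
ANON_MAX_RESULTS = 50
OWNER_MAX_RESULTS = 500


def effective_limit(url, requester=None, blog_owner=None):
    """Return the row limit the server will actually honor for this request."""
    query = parse_qs(urlparse(url).query)
    raw = query.get("max-results", [str(DEFAULT_RESULTS)])[0]
    try:
        requested = int(raw)
    except ValueError:
        requested = DEFAULT_RESULTS  # non-numeric input falls back to the default
    if requested < 1:
        requested = DEFAULT_RESULTS  # zero or negative is never passed to the query
    # Only the authenticated owner of this blog gets the larger backup ceiling.
    is_owner = requester is not None and requester == blog_owner
    ceiling = OWNER_MAX_RESULTS if is_owner else ANON_MAX_RESULTS
    return min(requested, ceiling)


def search(posts, url, requester=None, blog_owner=None, start=0):
    """Return one bounded page plus the next offset (None when exhausted)."""
    limit = effective_limit(url, requester, blog_owner)
    page = posts[start:start + limit]
    next_start = start + limit if start + limit < len(posts) else None
    return page, next_start


if __name__ == "__main__":
    posts = [f"post-{i}" for i in range(2000)]  # constructed sample data
    url = "http://blog.example/search?max-results=2000"  # constructed URL
    page, nxt = search(posts, url)
    print("anonymous:", len(page), "rows, next offset", nxt)
    page, nxt = search(posts, url, requester="alice", blog_owner="alice")
    print("owner:", len(page), "rows, next offset", nxt)
```

A full backup is still possible for the owner by following the returned offset page by page, so no single request can pull every row.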
Friday, February 09, 2007