Changes between Version 7 and Version 8 of Ticket #1005, comment 23
- Timestamp: 06/28/16 21:59:16 (8 years ago)
Ticket #1005, comment 23
v7 v8
9 9 As it is, the Amazon ELB to nginx timeout incompatibility could be used in theory as an attack vector. An attacker could send many intentionally incorrect POSTs knowing that nginx will timeout and cause the Amazon ELB to block for 60 seconds, thus over-whelming the ELB upstream connections and blocking the service for others. So this is the type of situation that would be uncovered via Fuzz Testing. It's just a coincidence that I discovered it in regular production traffic.
10 10
11 Also, thank you for patiently discussing this issue.
12 11
13 [1] https://en.wikipedia.org/wiki/Fuzz_testing