[Catalyst] Emulate a "tar pit" for OpenID tests

Ashley apv at sedition.com
Tue Dec 9 04:36:25 GMT 2008


I want to emulate a trap URL to test the OpenID stuff. The real world
case is someone using a malicious OpenID URI which would effectively
be a DoS against the OpenID consumer site by tying up processes (and
bandwidth in a real attack). They'd go to initiate the OpenID
transfers with the malicious URI and get stuck waiting and
downloading huge amounts of "data."

I guess I can just do something like-

sub tarpit : Global {
     my ( $self, $c ) = @_;
     local $| = 1; # Autoflush, so each write goes out immediately.
     $c->response->content_type("text/html");
     # Expect an arbitrary, biggish amount of content; it's a lie.
     $c->response->headers->header("Content-length" => 1_024 * 1_000);
     # Send content forever, slowly.
     sleep 1 && $c->response->write("sucker\n") while 1;
}

So, my question for y'all is: How does that look? Better ideas? Is  
that close to a real world (operationally) case?

-Ashley
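
The consumer-side guard that a tarpit like the one in this post is meant to exercise, as an added example that is not part of the original message. LWP::UserAgent's timeout only fires when the connection goes idle, so a one-line-per-second drip never trips it; the guard therefore counts received bytes and total elapsed time itself. The names make_fetch_guard and bounded_get and the limit values are assumptions, and the loop at the end is a constructed offline run.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use Time::HiRes qw(time);

# Build a ':content_cb' handler that aborts the fetch when either limit is hit.
# 'clock' is injectable so the guard can be exercised without a network.
sub make_fetch_guard {
    my (%opt) = @_;
    my $max_bytes = $opt{max_bytes}   // 64 * 1024;    # assumed limit
    my $max_secs  = $opt{max_seconds} // 10;           # assumed limit
    my $clock     = $opt{clock}       // \&time;
    my $sink      = $opt{sink};                        # scalar ref for the body
    my ( $start, $got ) = ( $clock->(), 0 );
    return sub {
        my ($chunk) = @_;
        $got += length $chunk;
        # Count bytes actually received; the declared Content-Length can lie.
        die "body over $max_bytes bytes\n" if $got > $max_bytes;
        # LWP's 'timeout' is an idle timer, so a slow drip never trips it.
        die "fetch over ${max_secs}s total\n" if $clock->() - $start > $max_secs;
        $$sink .= $chunk;
    };
}

# Fetch an untrusted identifier URL with both limits applied.
sub bounded_get {
    my ( $url, %opt ) = @_;
    my $body = '';
    my $ua   = LWP::UserAgent->new(
        timeout           => 5,
        max_redirect      => 3,
        protocols_allowed => [ 'http', 'https' ],
    );
    my $guard = make_fetch_guard( %opt, sink => \$body );
    my $res   = $ua->get( $url, ':content_cb' => $guard );
    my $died  = $res->header('X-Died');    # set by LWP when the callback dies
    return ( undef, $died )             if $died;
    return ( undef, $res->status_line ) if !$res->is_success;
    return ( $body, undef );
}

# Constructed offline run: one 7-byte chunk per simulated second, as in the post.
my ( $now, $seen ) = ( 0, '' );
my $guard = make_fetch_guard( max_seconds => 10, sink => \$seen, clock => sub { $now } );
for my $tick ( 1 .. 60 ) {
    $now = $tick;
    eval { $guard->("sucker\n"); 1 } or do { print "aborted at ${tick}s: $@"; last };
}
```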



