English 中文(简体)
Grizzly 项目注意缓冲外流或拒绝服务攻击?
原标题:Does Grizzly Project take care of buffer overflow or denial of service attacks?

我搜查了许多东西,但是仍然不理解是否利用Grezzly意味着我受到保护,不受这些攻击,或者我应当作出更多努力?

目前,我方案唯一要做的是,我用以下代码将我的班子(用@Path——使用泽西岛的Im)部署到格里兹:

final Map<String, String> initParams = new HashMap<String, String>();
initParams.put("com.sun.jersey.config.property.packages","MyServer.resources");
SelectorThread threadSelector;
try{
    threadSelector = GrizzlyWebContainerFactory.create(
 uri, initParams);
    System.out.println("Press enter to stop server...");
    System.in.read();
    threadSelector.stopEndpoint();
}catch(...){...}

在我的资源方法中,我可以查阅一份我没有具体说明其规模的日本宇宙航空研究开发机构(我不知道现在能否检查规模以避免收到大量请求——如果有人告诉我的话,那将大有帮助)。 因此,我担心,袭击者可能连续发出大量要求(我的正常要求规模不应少于6名大豆!)并导致拒绝服务——我刚刚开始学习安全风险和处理安全风险,这是我第一次尝试!

我将检查请求书记员方法的体积,这是在服务器完全收到请求之后。 是否足够?

Grizzly文件说,它拥有良好的缓冲管理(我可能把缓冲外溢与拒绝服务混为一谈),但我不知道我是否应该确定任何环境,还是应该通过违约保护?

EDIT:

I have received a good answer to part of my question, but, I m still looking for some hints particularly about the Grizzly or Jersey and whether there is a single point of entry in which I can make some checks for all incoming requests?

感谢!

问题回答

如果你使用贾瓦,那么,如果你利用本地的法典图书馆处理你从网络上获得的 st子,那么你就完全免于传统的缓冲超支袭击。

另一方面,保护紧急状况不受拒绝服务攻击往往需要一种全系统办法。

http://www.ohchr.org。

通过“系统组合”办法,我指的是考虑到网络带宽、基础设施和后端服务器以及你的网络服务器受到的影响。 例如,针对你的网络带或国家航天中心的攻击,无论你如何执行你的网络服务器,都会把你带走。 另一端是,有人可能针对您的网络应用的各个方面,例如知道某一个问题非常昂贵......或它泄露了资源,并最终切断了你的申请。

(不是专家) 我只是想指出,仅仅看你的网站服务器平台是不够的......如果你真心要防范DDoS的话。

时间:2010-12-14 03:03:10


上一篇:
下一篇:


相关问题
Spring Properties File

Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...

时间:2009-11-13 05:05:41 回答:3 展示:1
Logging a global ID in multiple components

I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...

时间:2009-11-09 14:50:12 回答:4 展示:1
Java Library Size

If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...

时间:2009-11-09 14:44:57 回答:2 展示:1
How to get the Array Class for a given Class in Java?

I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....

时间:2009-11-05 09:41:59 回答:5 展示:1
SQLite , Derby vs file system

I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...

时间:2009-11-05 09:26:46 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全