ietf-nntp Multiple AUTHINFOs per session
Ade Lovett
ade at lovett.com
Sun Jan 5 19:44:48 PST 2003
On 01/05/03 21:11, "Ken Murchison" <ken at oceana.com> wrote:
> "Jeffrey M. Vinocur" wrote:
>>
>> On 6 Jan 2003, Andrew Gierth wrote:
>>
>>> in many cases it's awkward to actually change the credentials
>>> associated with the session.
>>
>> I can imagine this in some implementations.
>
> How would this be used? And couldn't this been done by creating a new
> session?
Gee thanks. Creating a new session has a non-zero cost. So I could
probably DoS a server under this scheme by sending repeated requests (let's
be clever and bounce between two accounts, rather than sending the same
account information over and over to defeat the (if same(username) and
same(password) do buggerall).
-aDe
More information about the ietf-nntp
mailing list