The “beck” exploit. A popular web server supports a function named no2slash() whose purpose is to collapse multiple / characters. For example, the string /d1///d2////d3/test.html collapses to /d1/d2/d3/test.html. The original algorithm was to repeatedly search for a / and copy the remainder of the string:
Unfortunately, this code can take quadratic time (for example, if the string consists of the / character repeated n times). By sending multiple simultaneous requests with large numbers of / characters, a hacker could deluge the server and starve other processes for CPU time, thereby creating a denial-of-service attack. Develop a version of no2slash() that runs in linear time and does not allow for this type of attack.
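One linear-time approach, as an added example that is not part of the original exercise or the web server's own code: a single pass with a read index and a write index, so each character is examined and copied at most once. The names `no2slash_linear` and `collapse_all_slashes` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: collapse runs of '/' in place in one pass.
 * no2slash_linear is a hypothetical name, not the server's function.
 * Returns the length of the collapsed string. */
size_t no2slash_linear(char *s)
{
    size_t r = 0, w = 0;          /* read and write indices, w <= r always */

    if (s == NULL)
        return 0;
    while (s[r] != '\0') {
        /* Drop a '/' when the last character kept was also '/'. */
        if (s[r] == '/' && w > 0 && s[w - 1] == '/') {
            r++;
            continue;
        }
        s[w++] = s[r++];          /* each byte is copied at most once */
    }
    s[w] = '\0';
    return w;
}

/* Worst case from the text: n slashes must collapse to a single '/'.
 * Returns the collapsed length, or (size_t)-1 on allocation failure. */
size_t collapse_all_slashes(size_t n)
{
    char *buf = malloc(n + 1);
    size_t len;

    if (buf == NULL)
        return (size_t)-1;
    memset(buf, '/', n);
    buf[n] = '\0';
    len = no2slash_linear(buf);
    free(buf);
    return len;
}

int main(void)
{
    char path[] = "/d1///d2////d3/test.html";   /* example from the text */

    no2slash_linear(path);
    printf("%s\n", path);
    printf("%zu\n", collapse_all_slashes(1000000));
    return 0;
}
```

Because the write index never passes the read index, no tail of the string is ever re-copied, so an input of n slashes costs n steps rather than on the order of n² character moves.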