Resource Exhaustion
Denial of service can occur when resource usage is disproportionately large in comparison to the input data that causes the resource usage.
This guideline is of greater concern for persistent, server-type systems than for desktop applications. Checking inputs for excessive resource consumption may be unjustified for client software that expects the user to handle resource-related problems. Even for client software, however, should check for inputs that could cause persistent denial of service, such as filling up the file system.
The Secure Coding Guidelines for the Java Programming Language [[SCG 2009]] lists some examples of possible attacks:
- Requesting a large image size for vector graphics, for instance, SVG and font files.
- "Zip bombs" whereby a short file is very highly compressed, for instance, ZIPs, GIFs and gzip encoded HTTP content.
- "Billion laughs attack" whereby XML entity expansion causes an XML document to grow dramatically during parsing. Set the XMLConstants.FEATURE_SECURE_PROCESSING feature to enforce reasonable limits.
- Using excessive disc space.
- Inserting many keys with the same hash code into a hash table, consequently triggering worst-case performance (O(n 2)) rather than typical-case performance (O(n)).
- Initiating many connections where the server allocates significant resources for each, for instance, the traditional "SYN flood" attack.
Rules for preventing denial of service attacks resulting from resource exhaustion include: