----- Original Message ----- From: "Jason Murray" <[EMAIL PROTECTED]> To: "'Jason Soza'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 11:36 PM Subject: RE: [PHP] Nasty DoS in PHP | Windows only?
> > I'd be interested in knowing your versions and the versions > > of the first guy that posted about this. Maybe he has the same > > setup as me, or close enough, but both of us are different > > from you. > > Actually, I just thought about it - maybe you guys are both running > it on Windows (shame on you ;)). > > I *have* actually seen PHP bring down IIS with a setcookie command. > Since a setcookie issues headers, I thought "fine, screw you, I'll > set the headers myself", and it STILL brought IIS down. And indeed, > the load *did* skyrocket and require a reboot of the server. I know what you are saying. I've taken down apache on win32 with setcookie > > I asked around here at the time if anyone had experienced this (look > through the mailing list archive to find it) and at the time got > more of a congratulatory salute from the list members than any real > responses :) > > Maybe this is more of a PHP-on-IIS issue than an actual security > issue in PHP. > I'm pretty sure they ran PHP on apache, not IIS. Maybe this problem is only with the win32 version of the PHP module. Nonetheless, a bug is still a bug. It would be nice if it wasn't there=) > Jason > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
