• #dev 2017-07-07
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2017-07-07 UTC
# 09:57
Zegnat
We were talking about different attack vectors in #indieweb-chat yesterday, and wanted to put this out there (logged) for people: a (g)zip bomb will not kill your server if you use PHP’s file_get_contents, it only fetches plain text. Most XML attacks will also not work against PHP’s DOMDocument XML parsing, though you may want to make sure not to e