These are chat archives for deployd/contributors

26th
Jan 2015
Andrei Alecu
@andreialecu
Jan 26 2015 18:18
started crashing my server by mistake and found this
deployd/deployd#495 the query was malformed, but it can be used as denial of service otherwise, just hit that an url like /collection/id?{"$fields":"crash"}
and the server crashes
Nicolas Ritouet
@NicolasRitouet
Jan 26 2015 20:21
nice catch :+1:
for the next PR, can you add the context in the message? Just like what you just explained here for example
Andrei Alecu
@andreialecu
Jan 26 2015 20:40
well, I actually didn't want to add too much info
because it can be used as denial of service against current version of deployd really easily
and it's just a security fix mostly, there are no valid reasons why you would try to do that for legit purposes
Nicolas Ritouet
@NicolasRitouet
Jan 26 2015 20:43
ok, good point :)