[Moin-user] inline vs. attached movies, and potential for DoS attacks.

Kenneth McDonald kenneth.m.mcdonald at sbcglobal.net
Tue Oct 18 13:05:05 EDT 2005

I've a question about inlining vs. attaching movies, and as a result  
of experimenting with this, also want to report a potential Denial of  
Service attack, one that can't be easily rectified (at least not in  
my browser) by reversions or editing.

Our site is likely to have a large number of small tutorial videos.  
At the moment, I'm using attachment:file.mov to include them.  
Clicking on this link brings up (in the two browsers I've tried, at  
least) another browser window that plays the movie back in a movie  

Ideally, I'd like the movie player to appear right in the Moin page,  
so the user need merely click on the "play" button to view the movie.  
I seem to recall seeing this sort of thing on other sites, so believe  
it should be possible at the HTML level.

Now the DoS attach. I tried the obvious, "inline:file.mov". After  
this, attempting to view the page resulted in the omission of  
anything after that entry, but attempting to _edit_ the page, or view  
page differences, seemed to hang my browser (Safari).  I tried this a  
couple of times, and then went into my site via terminal and fixed  
the problem in emacs.


More information about the Moin-user mailing list