[Moin-user] inline vs. attached movies, and potential for DoS attacks.
kenneth.m.mcdonald at sbcglobal.net
Tue Oct 18 13:05:05 EDT 2005
I've a question about inlining vs. attaching movies, and as a result
of experimenting with this, also want to report a potential Denial of
Service attack, one that can't be easily rectified (at least not in
my browser) by reversions or editing.
Our site is likely to have a large number of small tutorial videos.
At the moment, I'm using attachment:file.mov to include them.
Clicking on this link brings up (in the two browsers I've tried, at
least) another browser window that plays the movie back in a movie
Ideally, I'd like the movie player to appear right in the Moin page,
so the user need merely click on the "play" button to view the movie.
I seem to recall seeing this sort of thing on other sites, so believe
it should be possible at the HTML level.
Now the DoS attach. I tried the obvious, "inline:file.mov". After
this, attempting to view the page resulted in the omission of
anything after that entry, but attempting to _edit_ the page, or view
page differences, seemed to hang my browser (Safari). I tried this a
couple of times, and then went into my site via terminal and fixed
the problem in emacs.
More information about the Moin-user