How can you prevent denial of service attacks? Most of the techniques you’ll use to prevent a DoS attack are network related. This podcast is about programming, so I’ll explain some things you can do that will make your software more resistant to attack. This episode continues the discussion from last week and builds on the same silly story. We’ll go back to the regular QA Fridays next week.
The audio goes into more detail but if I had to sum up the main lesson from the podcast, it would be this:
Don’t let a client machine spend a small amount of work to make your program running on a server spend a large amount of work, unless you are sure that the request is legitimate. And even then, you will want to spread this work out so it stays even. Don’t let even legitimate customers overflow your services.
You want to validate requests as soon as possible. This first check may not even be a complete check. All it needs to do is some simple sanity checks to make sure that a request looks somewhat legitimate. If you find something suspicious or obviously wrong, then also don’t spend a lot of time preparing a long response. Either completely forget about the request or send a short and quick response.
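Here is an added example (my own sketch, not code from the podcast or its author) of the two ideas above in Python: a cheap sanity check runs before any expensive work, rejections get a short reply, and a per-client token bucket spreads the expensive work out evenly so that even well-formed requests cannot arrive faster than the server is willing to serve them. The request shape `GET /report/<id>`, the size limit, the rate numbers and the client addresses are all assumptions made up for the demo, and the clock is passed in explicitly so the behaviour is deterministic.

```python
import re

MAX_REQUEST_BYTES = 256                                   # assumed limit: reject oversized input before parsing
VALID_REQUEST = re.compile(r"^GET /report/(\d{1,6})$")    # assumed request shape for this demo


class TokenBucket:
    """Per-client work budget: `capacity` requests may burst, then `rate` per second are admitted."""

    def __init__(self, capacity, rate, now):
        self.capacity = capacity
        self.rate = rate
        self.tokens = capacity
        self.last = now

    def try_take(self, now):
        # Refill proportionally to elapsed time, capped at capacity, then spend one token if available.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Server:
    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.buckets = {}           # client address -> TokenBucket
        self.expensive_calls = 0    # how often the costly path actually ran

    def sanity_check(self, raw):
        # Cheap, early checks only: size first (O(1)), then a bounded regex. No parsing of the body yet.
        if len(raw) > MAX_REQUEST_BYTES:
            return None
        match = VALID_REQUEST.match(raw)
        return int(match.group(1)) if match else None

    def expensive_report(self, report_id):
        # Stand-in for the costly work (database query, rendering a large response, ...).
        self.expensive_calls += 1
        return f"report {report_id}: " + "x" * 1000

    def handle(self, client, raw, now):
        report_id = self.sanity_check(raw)
        if report_id is None:
            return "400"            # short reply; spend nothing preparing a long response
        bucket = self.buckets.setdefault(client, TokenBucket(self.burst, self.rate, now))
        if not bucket.try_take(now):
            return "429"            # looks legitimate but over budget: short reply, no expensive work
        return self.expensive_report(report_id)


def demo():
    """Constructed traffic: a flood of bad requests, then a burst of good ones from one client."""
    srv = Server(rate_per_sec=2.0, burst=3)
    results = []
    # 25 malformed and 25 oversized requests from one address: all rejected before any real work.
    for _ in range(25):
        results.append(srv.handle("10.0.0.1", "GET /report/abc", now=0.0))
    for _ in range(25):
        results.append(srv.handle("10.0.0.1", "GET /report/" + "9" * 1000, now=0.0))
    # 10 well-formed requests at the same instant: only the burst of 3 is served, 7 are deferred.
    for _ in range(10):
        results.append(srv.handle("10.0.0.2", "GET /report/42", now=0.0))
    # One second later the bucket has refilled by 2 tokens, so 2 more are served and the third waits.
    for report_id in (43, 44, 45):
        results.append(srv.handle("10.0.0.2", f"GET /report/{report_id}", now=1.0))
    # Return the number of expensive calls and the first three characters of each reply.
    return srv.expensive_calls, [r[:3] for r in results]


if __name__ == "__main__":
    calls, replies = demo()
    print(f"expensive work ran {calls} times for {len(replies)} requests")
```

The point of the ordering in `handle` is that the cheapest rejection comes first: a length comparison and an anchored regex cost almost nothing per request, so a client flooding bad input cannot force the server into `expensive_report`. The bucket then caps how much of the expensive path any one client can trigger per second, which is the "spread the work so it's even" part of the lesson.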