ngiddings
commented
9 years ago This isn't relevant to the web app code, and has been moved to a table containing our tasks to harden the network.
Closed ngiddings closed 9 years ago
ngiddings
commented
9 years ago This isn't relevant to the web app code, and has been moved to a table containing our tasks to harden the network.
As of now, it is very possible to query a complete list of all videos from the database. In fact, the front page does so, but limits the results to a maximum of 60. That makes it trivial to find all videos at once, so it would be relatively easy for an attacker to scape our video database.
I don't know much about SQL, so there isn't a lot I can say about implementing this, but there must be limits to one's ability to query large amounts of information. The application servers should not have the ability to request mass tables of information on videos or users, like it could on the homepage.