O'Reilly Open Source Convention

Protecting Your Open Discussion Forum
Jamie McCarthy, Programmer, Slashdot
Chris Nandor, Programmer, Slashdot

Track: Security
Date: Thursday, July 29
Time: 5:20pm - 6:05pm
Location: Salon I


Since open discussion makes a popular site more popular, every blogger and webmaster wants to invite public comments. From blogs, to corporate sites that have realized the power of community-building, to presidential candidates' campaign sites, open forums are all over the internet. And it's about damn time!

So now HTTP is the new SMTP -- with public commentary comes public abuse. If you're a programmer working on the next Orkut or LiveJournal, you should know how to fend off the hostiles with code.

McCarthy looks at the various issues related to unfriendly activity that a site open to the public will have to deal with:

  • "Crapflooding," or drowning your website in junk.
  • Distributed attacks that are YOUR problem, not your network administrator's.
  • Which jobs will your code delegate to paid staff, and which can your user community do?
  • What are the web's equivalents of buffer overruns -- the simple security mistakes you should avoid?
  • Escaping and stripping input text is harder than you think.

And more, including case studies from recent attacks on Slashdot and Movable Type. If we can survive them, you can too!

© 2004, O'Reilly Media, Inc.