Server security

I made up some scenarios so you would better understand my questions.

First scenario:

Client knocks on the door. The server opens the door. Client says "hey, I want start.html". Server answers and says "here you go!"

Second scenario:
Client knocks on the door. The server opens the door. Client says "hey, I want allpasswords". Server says "piss off".

In this case the server gets a request and validates it. The request is not valid/approved, so the client doesn't get anything.

Now I wonder: is the following scenario possible?

Client knocks on the door. The server opens the door. Client says "hey, I want allpasswords". Server says "piss off". Client gets angry and beats the shit out of the server. Now the client can get through the door and search and find anything he wants.

I can't see how this scenario is possible in client/server communication. How could a client get inside an entire filesystem/machine with the "client/server" model? (Meaning: if the server doesn't send back anything, the client doesn't get anything either.)

I can see how a server can maybe send back bad information if the request doesn't get validated, but nothing worse than that (like getting inside a computer and browsing through files).

Can someone please give me some feedback on this?
Consider that "breaking down the door" could be
- buffer overflow attacks
- denial of service attacks
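To make the first of these concrete: "breaking down the door" in a buffer overflow means the server copies the client's request into a fixed-size buffer without checking its length, so bytes spill into whatever sits next to that buffer. The following is an added illustration, not code from the thread or from any real server. The layout is constructed: the request name and an "authorised" byte are placed back to back in one array so the out-of-bounds write stays inside a single object and the behaviour is well defined; `HandlerState`, `unsafe_handle` and `safe_handle` are hypothetical names.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>

constexpr std::size_t NAME_MAX   = 16;        // room reserved for the requested file name
constexpr std::size_t FLAG_INDEX = NAME_MAX;  // the byte immediately after that buffer

struct HandlerState {
    // One array holds both fields so the overflow is visible and well defined.
    // In a real server the bytes after a buffer may be another variable, a
    // pointer, or a saved return address, which is what makes this class of
    // bug so serious.
    unsigned char mem[NAME_MAX + 8] = {};
    bool authorised() const { return mem[FLAG_INDEX] != 0; }
};

// The bug: copy the client-supplied name with no length check. The copy is
// bounded only by the whole state object, standing in for "until something
// important is overwritten". Returns the authorised flag after the copy.
bool unsafe_handle(const std::string& request) {
    HandlerState s;
    std::size_t n = std::min(request.size(), sizeof s.mem);
    std::copy_n(request.begin(), n, s.mem);   // writes past NAME_MAX if request is long
    return s.authorised();
}

// The fix: validate the length before copying. Returns true only if the request
// was accepted; `granted` reports the flag, which the client can no longer reach.
bool safe_handle(const std::string& request, bool& granted) {
    HandlerState s;
    if (request.size() >= NAME_MAX) {         // leave one byte for the terminator
        granted = false;
        return false;                         // the "piss off" path: rejected at validation
    }
    std::copy(request.begin(), request.end(), s.mem);
    s.mem[request.size()] = 0;
    granted = s.authorised();
    return true;
}

int main() {
    std::string normal = "start.html";                 // constructed sample request
    std::string oversized(24, 'A');                    // constructed oversized request
    std::cout << "unsafe, normal:    authorised=" << unsafe_handle(normal) << '\n';
    std::cout << "unsafe, oversized: authorised=" << unsafe_handle(oversized) << '\n';
    bool g = false;
    std::cout << "safe, oversized:   accepted=" << safe_handle(oversized, g)
              << " authorised=" << g << '\n';
    return 0;
}
```

The point for the original question: the server never "sends back" the authorised flag, yet an unchecked copy lets the client change it. Validation has to cover the size and shape of the request, not just its meaning.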
About DoS attacks. Is this possible if every new call/connection is placed in a queue with a max_size?
That is the intent of the DoS attack! If the queue fills up, what then? Additional incoming requests are dropped? Some of which are going to be legit: bam, denied service to the legit requests.

That is the intent of the DoS attack! If the queue fills up, what then?

You tell me. I guess I can't avoid this, just be prepared to handle it. But how?

Maybe keep track of the same IPs? But if someone has 1000000 unique connections ready with different IPs, or another similar scenario, then what?
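The last two posts can be played out in a small model. The following is an added example, not code from the thread: a bounded accept queue (the `max_size` idea), an optional per-IP cap on pending requests (the "keep track of the same IPs" idea), and a simulation that floods it from one address and then from many. `Admission`, `simulate`, the round structure and the 10.0.0.x / 192.0.2.1 addresses are all constructed for the illustration.

```cpp
#include <cstddef>
#include <deque>
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Request {
    std::string ip;
    bool legit;   // label used only to count what happens to legitimate traffic
};

struct Outcome {
    std::size_t legit_served  = 0;
    std::size_t legit_dropped = 0;
    std::size_t flood_dropped = 0;
};

// Admission control at the door: a queue with max_size plus an optional cap on
// how many requests a single source may have pending at once (0 = no cap).
class Admission {
public:
    Admission(std::size_t max_size, std::size_t per_ip_cap)
        : max_size_(max_size), per_ip_cap_(per_ip_cap) {}

    // Try to enqueue; false means the request is refused immediately.
    bool offer(const Request& r) {
        if (per_ip_cap_ > 0 && pending_[r.ip] >= per_ip_cap_) return false;
        if (queue_.size() >= max_size_) return false;   // queue full: dropped
        queue_.push_back(r);
        ++pending_[r.ip];
        return true;
    }

    // Serve up to n queued requests (the server's capacity per round).
    std::vector<Request> serve(std::size_t n) {
        std::vector<Request> done;
        while (n-- > 0 && !queue_.empty()) {
            done.push_back(queue_.front());
            --pending_[queue_.front().ip];
            queue_.pop_front();
        }
        return done;
    }

private:
    std::size_t max_size_;
    std::size_t per_ip_cap_;
    std::deque<Request> queue_;
    std::map<std::string, std::size_t> pending_;
};

// Each round: the attacker sends flood_per_round requests spread over
// attacker_ips addresses, one legitimate client sends one request, then the
// server serves `capacity` requests from the queue.
Outcome simulate(std::size_t max_size, std::size_t per_ip_cap, std::size_t capacity,
                 std::size_t rounds, std::size_t flood_per_round, std::size_t attacker_ips) {
    Admission door(max_size, per_ip_cap);
    Outcome out;
    for (std::size_t r = 0; r < rounds; ++r) {
        for (std::size_t i = 0; i < flood_per_round; ++i) {
            Request a{"10.0.0." + std::to_string(i % attacker_ips), false};  // constructed
            if (!door.offer(a)) ++out.flood_dropped;
        }
        Request l{"192.0.2.1", true};                                       // constructed
        if (!door.offer(l)) ++out.legit_dropped;
        for (const Request& s : door.serve(capacity))
            if (s.legit) ++out.legit_served;
    }
    return out;
}

int main() {
    Outcome a = simulate(10, 0, 5, 5, 20, 1);   // queue cap only, one attacking IP
    Outcome b = simulate(10, 3, 5, 5, 20, 1);   // plus per-IP cap, one attacking IP
    Outcome c = simulate(10, 3, 5, 5, 20, 20);  // per-IP cap, flood spread over 20 IPs
    std::cout << "queue only:        legit served " << a.legit_served << ", dropped " << a.legit_dropped << '\n';
    std::cout << "per-IP cap:        legit served " << b.legit_served << ", dropped " << b.legit_dropped << '\n';
    std::cout << "per-IP, many IPs:  legit served " << c.legit_served << ", dropped " << c.legit_dropped << '\n';
    return 0;
}
```

Run A shows the earlier reply's point: with only a max_size, the flood keeps the queue full and the legitimate client is refused every round. Run B shows the per-IP cap working when the flood comes from one source. Run C shows the last post's objection: once the flood is spread across enough addresses, each source stays under its cap and the legitimate client is refused again, which is why this class of attack is handled with capacity, upstream filtering and priority for known-good traffic rather than with any single queue rule.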