Menu
News
All News
Dungeons & Dragons
Level Up: Advanced 5th Edition
Pathfinder
Starfinder
Warhammer
2d20 System
Year Zero Engine
Industry News
Reviews
Dragon Reflections
White Dwarf Reflections
Columns
Weekly Digests
Weekly News Digest
Freebies, Sales & Bundles
RPG Print News
RPG Crowdfunding News
Game Content
ENterplanetary DimENsions
Mythological Figures
Opinion
Worlds of Design
Peregrine's Nest
RPG Evolution
Other Columns
From the Freelancing Frontline
Monster ENcyclopedia
WotC/TSR Alumni Look Back
4 Hours w/RSD (Ryan Dancey)
The Road to 3E (Jonathan Tweet)
Greenwood's Realms (Ed Greenwood)
Drawmij's TSR (Jim Ward)
Community
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions, OSR, & D&D Variants
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Resources
Wiki
Pages
Latest activity
Media
New media
New comments
Search media
Downloads
Latest reviews
Search resources
EN Publishing
Store
EN5ider
Adventures in ZEITGEIST
Awfully Cheerful Engine
What's OLD is NEW
Judge Dredd & The Worlds Of 2000AD
War of the Burning Sky
Level Up: Advanced 5E
Events & Releases
Upcoming Events
Private Events
Featured Events
Socials!
EN Publishing
Twitter
BlueSky
Facebook
Instagram
EN World
BlueSky
YouTube
Facebook
Twitter
Twitch
Podcast
Features
Top 5 RPGs Compiled Charts 2004-Present
Adventure Game Industry Market Research Summary (RPGs) V1.0
Ryan Dancey: Acquiring TSR
Q&A With Gary Gygax
D&D Rules FAQs
TSR, WotC, & Paizo: A Comparative History
D&D Pronunciation Guide
Million Dollar TTRPG Kickstarters
Tabletop RPG Podcast Hall of Fame
Eric Noah's Unofficial D&D 3rd Edition News
D&D in the Mainstream
D&D & RPG History
About Morrus
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions, OSR, & D&D Variants
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Menu
Log in
Register
Install the app
Install
Upgrade your account to a Community Supporter account and remove most of the site ads.
Community
General Tabletop Discussion
*Pathfinder & Starfinder
November 16th release for Web-based Character Builder
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="IronWolf" data-source="post: 5370047" data-attributes="member: 21076"><p>This is sort of a weak explanation for a 20 character limit. First, one would presumably need to have a DDI account to start uploading characters with a credit card on file. But let's go ahead and say this hacker that want's to take WotC down gets his stolen credit card number, signs up for an account and then proceeds to run this malicious script from 20 computers simultaneously.</p><p></p><p>It looks like from other posts that a fair number of dnd4e files are around 200kb in size. The same information in a DB table is quite likely to be less than that, but we'll go with 200kb. So 20 machines running the same script for an hour will generate 1.4GB of data. Working from there, rounding up to 1.5GB per hour means it would take 682 hours to generate 1TB worth of files. And even if the size of file is double the 200kb I worked with you are still going to need 341 hours to fill 1TB. Or even if the script runs in half the time, one still needs a good number of hours to cause harm via this method being used to justify the 20 characte limit.</p><p></p><p>So a 20 character limit seems to do nothing to really prevent an overnight attack of this manner other than frustrate the legitimate users of this system. It seems limiting simultaneous logins would do more to circumvent a scripted attack as described in the above quote.</p><p></p><p>And finally, anyone that wants to attack the WotC DDI servers is going to find a more traditional DDoS attack on their network and servers much more expedient than trying to fill up their disk space by uploading a multitude of fake 20th level characters.</p></blockquote><p></p>
[QUOTE="IronWolf, post: 5370047, member: 21076"] This is sort of a weak explanation for a 20 character limit. First, one would presumably need to have a DDI account to start uploading characters with a credit card on file. But let's go ahead and say this hacker that want's to take WotC down gets his stolen credit card number, signs up for an account and then proceeds to run this malicious script from 20 computers simultaneously. It looks like from other posts that a fair number of dnd4e files are around 200kb in size. The same information in a DB table is quite likely to be less than that, but we'll go with 200kb. So 20 machines running the same script for an hour will generate 1.4GB of data. Working from there, rounding up to 1.5GB per hour means it would take 682 hours to generate 1TB worth of files. And even if the size of file is double the 200kb I worked with you are still going to need 341 hours to fill 1TB. Or even if the script runs in half the time, one still needs a good number of hours to cause harm via this method being used to justify the 20 characte limit. So a 20 character limit seems to do nothing to really prevent an overnight attack of this manner other than frustrate the legitimate users of this system. It seems limiting simultaneous logins would do more to circumvent a scripted attack as described in the above quote. And finally, anyone that wants to attack the WotC DDI servers is going to find a more traditional DDoS attack on their network and servers much more expedient than trying to fill up their disk space by uploading a multitude of fake 20th level characters. [/QUOTE]
Insert quotes…
Verification
Post reply
Community
General Tabletop Discussion
*Pathfinder & Starfinder
November 16th release for Web-based Character Builder
Top