I4:FeatureTest-Selector DOS Avoidance
From OSIS Open Source Identity Systems
Revision as of 00:24, 15 June 2008 by Mike.Jones (Talk | contribs) (Browser DOS Avoidance -> Identity Selector DOS Avoidance)
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|FeatureTest-Selector DOS Avoidance}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Identity Selector DOS Avoidance|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=FeatureTest,from={{#var:page}},namespace=I4|copy]] [[Special:Call/DT Articles list XML,type=FeatureTest,title={{#var:page}},namespace=I4|as XML]] edit |
| {{#if:|Feature Test |Feature Test }} | Identity Selector DOS Avoidance |
| Test Type | bgcolor={{{color}}}}}|Selector Invocation |
| Identifier | bgcolor={{{color}}}}}|FTR-iis-rptrigger-5 |
| Description | bgcolor={{{color}}}}}|Tests that it is possible to escape a DOS loop where control is constantly sent to the selector |
| Role tested | bgcolor={{{color}}}}}|Information Card Identity Selector |
| Known Successful Reference Solution(s) | bgcolor={{{color}}}}}|{{ #if: | [[I4:]]}}{{ #if: | [[I4:]]}} {{ #if: https://pamelaproject.com/osis/catalyst-eu-07/form-submission/test3a.php | https://pamelaproject.com/osis/catalyst-eu-07/form-submission/test3a.php }} {{ #if: | }} |
| Success Criteria | bgcolor={{{color}}}}}|Selector is triggered (note that the transaction does not need to complete) |
| Failure Criteria | bgcolor={{{color}}}}}|Selector is not triggered |
Features Proven
{{#dpl:debug=1
|resultsheader=\n
|noresultsheader= {|\n|bgcolor=#eeeeee|No matching Feature found.\n|}\n
|category=Feature
|namespace=I4
|linksto=I4:FeatureTest-Selector DOS Avoidance
|nottitlematch = Feature.edit
|include={Feature}.viewfromtest
|includematch=/FeatureTest-Selector DOS Avoidance/s
|table=class=sortable,-,Feature,feature_type,solution_role
}}
Instructions
Caveats
- Note #1: this test is based on JavaSrcript submission - if you fail the Javascript Test, this test will not run for you.
- Note #2: this test will loop 20 times - long enough to try things to get out, but not indefinite. If you cannot escape the loop, just keep cancelling/exiting the selector, and control will eventually be restored.
- Note #3: The test is merely a form containing an information card object that posts to itself 20 times in a row. If you want to see exact source code, as meager as it is, contact Pam.
Instructions
- Open the result page for the solution for this particular featuretest.
- In a different browser tab or window, open the link to the test (listed above)
- Selector should immediately open -- if it does, choose to exit, or cancel (if you submit a card, it won't be read)
- Every time you exit the selector, you will be redirected back to a page which yet again auto-submits the selector.
- In the case of selectors which take control away from the user, there should be some way to disable the selector from starting the next time around, so that the evil looping code can be dealt with.
- Set outcome:
- If there was a way to pause and/or disable invocation of the Selector in order to terminate the loop, set the outcome to Works
- If you cannot get out of the loop, set the outcome to Fails
- If you saw specific issues, mark the outcome as "Issues" and outline the issues by commenting on the "Talk" tab of this page
- Add either four tilde ~~~~ signs or a text name into the "testedby" parameter
- Update the date tested, operating systems, and tested solutions parameters of the results page
