update hitman post with slug guard

2024-03-31 17:36:08 -07:00 · 2024-03-31 17:36:08 -07:00 · 6ab8c71b11
commit 6ab8c71b11
parent d72bfc5e2b
1 changed files with 7 additions and 0 deletions
--- a/content/sundries/hitman/index.md
+++ b/content/sundries/hitman/index.md
@ -2,6 +2,7 @@
 title = "Hitman: another fine essential sundry service from Nebcorp Heavy Industries and Sundries"
 slug = "hitman"
 date = "2024-03-31"
+updated = "2024-03-31"
 [taxonomies]
 tags = ["software", "sundry", "proclamation", "90s", "hitman", "web"]
 +++
@ -76,6 +77,12 @@ but the `Origin` headers can be trivially forged. On the other hand, the worst s
 add a bunch of junk to my DB, and I don't care about the data that much; this is all just for
 funsies, anyway!

+Still, after writing this out, I realized that someone could send a bunch of junk slugs and hence
+fill my disk from a single IP, so I [added a check against a set of allowed
+slugs](https://git.kittencollective.com/nebkor/hitman/commit/89a985e96098731e5e8691fd84776c1592b6184b)
+to guard against that. Beyond that, I'd need to start thinking about being robust against a targeted
+and relatively sophisticated distributed attack, and it's definitely not worth it.
+
 ## The front end

 I mentioned that this blog is made using Zola, a static site generator. Zola has a built-in