TinyDisk, A File System on Someone Else's Web App

Posted by ScuttleMonkey on Tuesday October 25, 2005 @12:04AM from the all-your-byte-are-belong-to-us dept.

Psy writes "I attended Phreaknic this weekend where Acidus released TinyDisk, a shared file system that runs on top of TinyURL or his own implementation NanoURL. TinyDisk compresses a file, encrypts it, and dices it into clusters. Each cluster is submitted to TinyURL as if it were a url. This clusters can be read back out of the database, making TinyDisk a global file system anyone can use. There are safeguards in the default config to prevent people from dumping gigs of MP3s into TinyURL. While file-system-on-web-applications are nothing new (GMail file system anyone?) this hack shows how easy it is to accidentally design a web application insecurely despite the default PHP protections. See his presentation for more info"

1 of 188 comments (clear)

Min score:

Reason:

Sort:

Easy to prevent by The+Cisco+Kid · 2005-10-25 04:30 · Score: 0, Redundant

If TinyURL didnt like this, seems like they could trivially add a check to see if URL's they are given actually exist by accessing them. If they get a 404, dont accept. For those sites that give a redirect instead of a 404, follow the redirects until they get to a page that actually answers, and use its URL instead.