Heh, a new version on the day my mini writeup of 0.3.12 went live.  Isn't
that the way things always go?   ;^)

On 4/4/06, Zed Shaw <zedshaw / zedshaw.com> wrote:
> Hello All Mongrel Users,
>
> For the uninitiated, Mongrel is a web server that runs Ruby web applications
> really fast.  Read http://mongrel.rubyforge.org/ to find out more about
> it.
>
> This is the Iron Mongrel release.  It is the result of trying to trash
> Mongrel until it can't move and then fixing anything that comes up.  The
> work was done on EastMedia's and VeriSign's upcoming project in order to
> make sure it can handle heavy loads and potentially malformed requests.  The
> project is a security and identity project so having a web server that is
> able to block bad requests is very important.
>
> The testing methods used were (are):
>
> 1.  Unit testing what I can.  Mongrel is a server so many tests have to be
> done "live".
> 2.  Thrashing Mongrel's HTTP parser internally with random or near-random
> data (called fuzzing).
> 3.  Using "Peach Fuzz":http://peachfuzz.sourceforge.net/ to thrash several
> live apps with randomness.
> 4.  Running several extensive little scripts to explore the edges of death
> for Mongrel.
> 5.  Heavy code audits covering as much code as possible to find any possible
> loose ends.

This sounds very cool. Any chance you could write up some of your testing
activity in more detail? I think this would be a great way to learn more about
testing beyond unit testing.

>
> The end result is a lot of little fixes which make Mongrel more robust
> against badly behaving clients and possibly against many potential security
> risks in the future.  In general Mongrel 0.3.12.1 behaves more consistently
> compared to past releases when given random data or maliciously formatted
> data.

Again, seeing more specific examples (show us the code, man!) would be
awesome.

>
[deleted]
> Zed A. Shaw
> http://www.zedshaw.com/
> http://mongrel.rubyforge.org/
>
> P.S. The snazzy Iron Mongrel logo is courtesy court3nay from
> http://caboo.se/
>
>
>


--
thanks,
-pate