I am working on an application. There is a new feature implemented where a user create some IDs and secret keys for that application.
I have observed that there is no rate limit for creating those.
I have sent the request to intruder and created nearly 11000 sets of IDs and secrets.
So whenever any user tries to access that page, it loads continuously and displays a message that page has become unresponsive and as a result it doesn’t let user to access anything in the page.
In my point of view, this is a vulnerability because lack of rate limiting is leading to inaccessibility of the page for all the users in the application.
However, I am confused if it is as considered as a DOS attack or valid rate limiting issue.
Please suggest with valid justification.
Lets say we are trying to solve some algorithmic problem A that is dependent on input of size n. we say algorithm B that runs in time T(n), is asymptotically better than algorithm C which runs in time G(n) if we have: G(n) = O(T(n)), but T(n) is not O(G(n)).
My question is related to the asymptotic running time of graph algorithms, which is usually dependent on |V| and |E|. Specifically I want to focus on Prim’s algorithm. If we implement the priority queue with a binary heap the run-time would be O(ElogV). With Fibonacci heap we could get a run-time of O(VlogV + E).
My question is do we say that O(VlogV + E) is asymptotically better than O(ElogV)?
Let me clarify: I know that if the graph is dense the answer is yes. But if E=O(V) both of the solutions are the same. I am more interested in what is usually defined as an asymptotic improvement in the case we have more than one variable, and even worse – the variables are not independent (V-1<=E<V^2, since we assume the graph is connected for Prim’s algorithm).
The description for kinetisists wild talents says
Wild talents are typically spell-like abilities (though some are supernatural abilities), and take a standard action to use unless otherwise noted.
But many other classes get spell like and supernatural abilities as well as the ability to mimic spells rouges get the minor and major magic talents, many ninja tricks are supernatural abilities, and qigong monks can mimic spells as ki powers so there’s obviously ways to do magic stuff without being without being a mage.
As a ninja continues her training, she learns a number of tricks that allow her to confuse her foes and grant her supernatural abilities. Starting at 2nd level, a ninja gains one ninja trick. She gains one additional ninja trick for every 2 levels attained after 2nd. Unless otherwise noted, a ninja cannot select an individual ninja trick more than once. Tricks marked with an asterisk (*) add effects to a ninja’s sneak attack. Only one of these tricks can be applied to an individual attack and the decision must be made before the attack is made. A complete listing of ninja tricks can be found here: Ninja Tricks
Major magic rogue talent
Prerequisite: Intelligence 11, minor magic rogue talent Benefit: A rogue with this talent gains the ability to cast a 1st-level spell from the sorcerer/wizard spell list two times a day as a spell-like ability. The caster level for this ability is equal to the rogue’s level. The save DC for this spell is 11 + the rogue’s Intelligence modifier.
Under ki powers of qigong monk
Spells: These ki powers duplicate the effects of a spell, and are spell-like abilities. A qinggong monk’s class level is the caster level for these spell-like abilities, and she uses Wisdom to determine her concentration check bonus.
Kinetisists feel way more magical than the above examples do but they don’t play like a typical caster what with the absence of spell slots. On the other hand just like casters they are almost entirely reliant on their magical stuff for lack of better words.
So the question is are kinetisists actually mages.
For using Counterspell, a spell needs to contain some kind of component, otherwise it cant be countered.
When casting spells from magical items the spell is cast at the lowest possible spell level, doesn’t expend any of the user’s spell slots, and requires no components, unless the item’s description says otherwise. DMG p141.
spells you cast from items can be countered
So, does it mean that the magic items are considered as the material components of the spell?
If a magic item runs on "Magic Batteries" when the Item is out of power would it be considered a magic time for the purpose of the Identify and Detect Magic spell?
For example, I have a Mirror that shows through illusions, it has crystals around it that are destroyed as you used it, you can replace the crystals for more uses when it has no crystals, would it still be considered a magic item detectable by the spells?
Would the same work for items with charges that recharge at dawn? If the item has 0 charges and is not dawn yet, would it be still be considered a magic item?
A non-deterministic finite automaton is considered to be halted when either the whole input string has been consumed or when we reach a state where no available transition (if any) matches the current character being read.
If the machine halts when it’s in an accepted state and at the same time the whole input has been consumed the input string is considered to be accepted.
Now, when introduce $ \epsilon$ transitions the machine doesn’t necessarily halt when the whole input string has been consumed, for it is possible that there are still $ \epsilon$ transitions available.
Suppose we have a NFA that is in an accepted state and also that the whole input has been consumed, but there are still $ \epsilon$ transitions available in this state, can we considered the input string to be accepted or do we need to "follow the trail" of $ \epsilon$ transitions until we reach a state where no other transition is available?
The find familiar spell has a duration of instantaneous, which implies that the familiar itself is not an ongoing magical effect. However, the spell provides a number of ongoing features that are definitely supernatural:
- The familiar disappears when it drops to 0 HP.
- The wizard can temporarily or permanently dismiss the familiar.
- The wizard can communicate with the familiar telepathically.
- The wizard can observe through the familiar’s eyes and ears.
- The familiar can deliver touch spells on behalf of the wizard.
Which of these features are considered magical? For example, would any of them show up to a detect magic spell or be suppressed by an antimagic field? In addition, is my assumption above correct that the familiar itself is not considered magical?
My understanding is that when a spell is known or prepared via one of your class features, or if you cast it via a class feature, it’s considered a “class spell” (sorcerer spell, cleric spell, etc.) for you. If you cast it via some method outside your class (items, etc.), it isn’t considered a spell from your class.
For clarity, some class features care about whether or not a spell is a ‘class’ spell (emphasis mine):
Wild Magic Surge for Wild Magic sorcerers can only trigger “[…] immediately after you cast a sorcerer spell […]”.
Overchannel for School of Evocation wizards can only be used “when you cast a wizard spell […]”
Empowered Evocation for School of Evocation wizards can also only be used on “[…] any wizard evocation spell you cast”.
Rod of the pact keeper gives a bonus “[…] to the saving throw DCs of your warlock spells”.
Contrast with a feature like Blessed Healer for Life Domain clerics that just use the language of “When you cast a spell […]”, and you’ll see why I believe there’s an important distinction as to whether or not a spell instance is a ‘class’ spell.
However, comments on this answer made me question where my understanding of what makes a spell instance a ‘class’ spell comes from, and I’m not sure of a concise spot that explains it. What are the rules that govern what is or is not considered a class spell when cast?
Of particular concern is whether or not a spell is, in all instances, a class spell once you’ve obtained it from your class. For example, if you were a wizard that had magic missile both prepared and in your spellbook, would any instance of magic missile you cast be considered a wizard spell, even if it was cast by way of, say, a wand of magic missile?
The alternative class feature Domain Access (Complete Champion, p. 52) reads, in part:
Choose one cleric domain. If you worship a specific deity, the domain you choose must be one to which your deity grants access. You gain the granted power of the chosen domain. In addition, you can cast one domain spell of each spell level available to you per day from that domain.
Does having access to the domain spells make a sorcer qualify for any prestige class that requires the PC to be a divine caster?
I have troubles to understand what is exactly a threat.
If I’ve an antivirus able to catch some malware, is this malware still considered a threat to my computer.