PHP : DOS attack possible

DOS-attack is possible. An attacker can submit specially designed values to the application input, which will cause a large amount of computation and can disrupt the normal operation of the application.

Traditional DOS-attack in which the attacker makes a huge number of requests to the application are easy to prevent at network level. The attacks that are more dangerous are ones related to the insecure application logic allowing to disrupt its work with a small amount of specially designed requests. In particular, the application functionality where the user determines the amount of time or system resources used to process his/her request is dangerous.