This is a brief note on security aspects of the DICT server:

* Searches that return the whole index
    Description:
        Some searches, such as "MATCH * re ." will return the whole
        database index, and this index must be buffered by the server. Each
        server instance can therefore be using 4-5MB for a typical
        installation.  This can result in significant resource utilization
        on the server machine, swapping, and possible DoS.

    Solutions:
        * limit connections
        * limit amount of data returned
        * limit simultaneous outstanding searches (e.g., "increment a lock
          (eg, create a link to a file) every time you start searching for
          a definition, and decrement it (eg unlink) when the results have
          been looked up, if the number (eg link count) exceeds n, sleep a
          while before looking it up.")

* Denial of service by idling clients
    Description:
        An adversary can connect to the server multiple times (until the
        server limit is reached) and thereby deny other clients access to
        the server.
    Solutions:
        * limit connections based on IP or mask

* Enhance access control, like hosts_access(5) in TCP Wrappers.
    * NIS/YP
    * IP/mask
    * "paranoid" checks for reverse DNS

* Buffer overflow
    * Robustify logging routines (e.g., daemon_log and use of strlen)