|
From: | graydon hoare |
Subject: | Re: [Monotone-devel] Re: GCC and Monotone |
Date: | Tue, 02 Dec 2003 19:58:54 -0500 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031115 Thunderbird/0.3 |
Zack Weinberg wrote:
One last issue: denial-of-service. If we have the official depot take patches by email from anyone (which I like, since it makes it much harder to drop patches on the floor) then what's to stop someone sending either a gargantuan patch, or a long series of small patches, and filling up the disk?
depots are probably a less-good fit for this than a public news server with no expiry. I'd like to flatter myself and say a depot will scale to hundreds of concurrent uploaders, but INN has a lot more practise in that category than a single-file-locking CGI I cooked up.
what abuse-control depots have is limited. they have a fixed upload chunk cap (16mb) and they require a signature from the private half of an RSA pubkey they know, on the upload. you can probably kill an apache running a depot just by opening 100 open connections and trickling bytes into them.
further DoS avoidance patches would be appreciated, but ultimately my strategy for this is not to make depots iron clad -- I doubt such a thing can ever really exist -- but rather to encourage people to put up lots of small-ish depots / news servers. security through redundancy.
-graydon
[Prev in Thread] | Current Thread | [Next in Thread] |