[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-janitors] #279: DoS protection support for spiffy
|
From: |
Chicken Trac |
|
Subject: |
[Chicken-janitors] #279: DoS protection support for spiffy |
|
Date: |
Fri, 09 Jul 2010 19:28:53 -0000 |
#279: DoS protection support for spiffy
-------------------------------+--------------------------------------------
Reporter: mario | Owner:
Type: enhancement | Status: new
Priority: not urgent at all | Milestone: 4.6.0
Component: extensions | Version: 4.5.x
Keywords: spiffy, dos |
-------------------------------+--------------------------------------------
Some tips Brian Mastenbrook gave on #scheme. I'm pasting them here in
case we want a DoS protection module for spiffy someday. Here are the
relevant parts:
{{{
<chandler> mario-goulart: I think a sufficient approach would be to
(a) limit the number of active connections, (b) kill
connections according to a least-recently-transmitted
policy, and (c) set a timeout for connections in the
receiving headers phase, and another timeout for sending
data.
<mario-goulart> chandler: wouldn't (c) mess up with things like comet
and long live connection intentionally requested to
avoid the multiple requests overhead?
<chandler> If the server is blocking before responding to a request,
don't time out.
<chandler> But the client shouldn't be allowed to connect or start
sending a request and then block indefinitely before
finishing sending headers.
<chandler> mario-goulart: Furthermore, if the server has data to send
to the client but hasn't actually been able to send it for
several seconds, the connection should be terminated as
well.
}}}
--
Ticket URL: <http://www.irp.oist.jp/trac/chicken/ticket/279>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Chicken-janitors] #279: DoS protection support for spiffy,
Chicken Trac <=