Re: Limiting access to replay in 1.4

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2006-04-08 17:58:31 CEST

On 4/8/06, Max Bowsher <maxb1@ukf.net> wrote:
> Whilst clearly it's not good for servers to be hammered into the ground
> by scores of users syncing repositories, it would be a very great shame
> if this nice new feature ending up being turned off on the majority of
> significant Subversion installations.

Encouraging end-users to sync large repositories is not a generally
good idea. This feature is like handing people a loaded gun and
helping them point it at our heads. No thanks. For Apache, we might
open it up on a per-request basis (whitelist of IPs that can execute
it); but there's no way we're opening it up for everyone.

> Perhaps we could consider rate-limiting rather than outright blocking of
> the feature as a DoS avoidance strategy?

Rate-limiting isn't the problem - it's that the normal user shouldn't
be making a local copy of repositories that have 400000+ revisions.
If they even *think* Subversion now encourages this, we're going to be
opening a Pandora's box. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 8 17:59:08 2006

This message: [ Message body ]
Next message: David Anderson: "Re: Dropping dependencies in tarballs"
Previous message: Justin Erenkrantz: "Re: svn commit: r19258 - in branches/svnserve-ssl/subversion: include libsvn_subr"
In reply to: Max Bowsher: "Re: Limiting access to replay in 1.4"
Next in thread: Molle Bestefich: "Re: Limiting access to replay in 1.4"
Reply: Molle Bestefich: "Re: Limiting access to replay in 1.4"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]