Re: ra_svn DOS potential (was Re: svn commit: r9946 - trunk/subversion/libsvn_ra_svn)

From: Branko ÄŒibej <brane_at_xbc.nu>
Date: 2004-06-14 02:16:48 CEST

Greg Hudson wrote:

>On Fri, 2004-06-11 at 06:40, Branko Ã„Å’ibej wrote:
>
>
>>This doesn't do much to avoid the DoS.
>>
>>
>
>It make the network act as a throttle on resource usage by not
>allocating all the memory at once. But you're right; particularly in
>threaded mode (where you can't just set a resource limit), it's not a
>very comprehensive solution.
>
>
[...]

> * The client imposes no limit on communication from the server.
> * Before initial authentication, we impose a very small limit,
> on the order of 4-8K.
> * After authentication (even if it's anonymous), if the connection
> has read access, it gets a medium limit, on the order of 64K.
> * If a connection has write access, we impose no limit.
>
>
I think this is a reasonable approach. It will still allow an untrusted
server to crash a client (the program, not the machine, we can hope),
but I don't see that as a very big problem. I wonder if we can make
ra_dav safe in a similar way, or if we have to.

-- 
Brane ÄŒibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Jun 14 02:17:21 2004

This message: [ Message body ]
Next message: Lübbe Onken: "Re: svn commit: r9963 - trunk/subversion/po"
Previous message: Branko ÄŒibej: "Re: svn commit: r9982 - trunk/tools/test-scripts/svntest"
In reply to: Greg Hudson: "ra_svn DOS potential (was Re: svn commit: r9946 - trunk/subversion/libsvn_ra_svn)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]