[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Limiting access to replay in 1.4

From: Marc Sherman <msherman_at_projectile.ca>
Date: 2006-04-19 13:50:34 CEST

Jonathan Gilbert wrote:
>
> This of course doesn't do anything to stem an intentional denial of
> service attack (apart from forcing such a malicious person to make
> many short-lived connections rather than just one long one -- if the
> number of connections from each IP were itself rate-limited, that
> could potentially deal with non-distributed DoS attacks), but rather
> prevents accidental requests from blowing up the server and also
> allows legitimate long-running requests to proceed at a lower speed
> without preventing anybody else from effectively using the system.

As an svn admin on a private network, I don't care about intentional DOS
at all; we've got HR procedures to handle that. What I do care about is
people accidentally checking out the root of the repository, and then
going to get coffee and filling up their own disks -- a rate limiter
doesn't help with that. I want a way to configure the server to reject
checkouts of certain parts of the repository. These checkouts should be
allowed with a --force command, as this _isn't_ access control, it's
there to help people avoid making common mistakes.

- Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Apr 19 13:51:22 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.