Jonathan Gilbert wrote:
>
> This of course doesn't do anything to stem an intentional denial of
> service attack (apart from forcing such a malicious person to make
> many short-lived connections rather than just one long one -- if the
> number of connections from each IP were itself rate-limited, that
> could potentially deal with non-distributed DoS attacks), but rather
> prevents accidental requests from blowing up the server and also
> allows legitimate long-running requests to proceed at a lower speed
> without preventing anybody else from effectively using the system.
As an svn admin on a private network, I don't care about intentional DOS
at all; we've got HR procedures to handle that. What I do care about is
people accidentally checking out the root of the repository, and then
going to get coffee and filling up their own disks -- a rate limiter
doesn't help with that. I want a way to configure the server to reject
checkouts of certain parts of the repository. These checkouts should be
allowed with a --force command, as this _isn't_ access control, it's
there to help people avoid making common mistakes.
- Marc
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Apr 19 13:51:22 2006