[TYPO3-doc] RFC: Request rendering through web service
Karsten Dambekalns
karsten at typo3.org
Wed Jun 12 09:50:13 CEST 2013
Hi Francois.
Quote: François Suter[1] wrote on Sat, 08 June 2013 16:59
----------------------------------------------------
> That sounds all good. One additional thing we should keep in mind is
> some form of security. If the endpoint is totally open, there's a real
> risk of it being DOS'ed. A simple system might be to have a white list
> of requesters. We could also imagine some form of handshake, but that
> would of course make the requesting scripts more complex.
Well, if anyone should be able to hook a GitHub repository in, whitelisting starts to show its weakness.
Anyway, with the job queue in between requests and the resource-hungry rendering, a "real DOS attack" is not really possible. But something that blocks more than one request per package per minute would be something that's not too hard to implement. And if there is a job already queued, do nothing. Both options together should suffice as protection.
Regards,
Karsten
--
Karsten Dambekalns
TYPO3 Developer, Neos / Flow Team
TYPO3 .... inspiring people to share!
Get involved: typo3.org
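
The two rules proposed in the message above (at most one accepted request per package per minute, and no new job while one is already queued), sketched as an added example that is not part of the original post or of any TYPO3 code. The class `RenderGate`, its methods and the package names are hypothetical.

```python
import time
from collections import deque

MIN_INTERVAL = 60.0  # seconds: "one request per package per minute" from the message


class RenderGate:
    """Decides whether a render request for a package becomes a queued job."""

    def __init__(self, min_interval=MIN_INTERVAL, clock=time.monotonic):
        self.min_interval = min_interval
        self.clock = clock        # injectable so the timing logic can be tested
        self.queue = deque()      # FIFO of packages waiting for the renderer
        self.pending = set()      # packages that currently have a queued job
        self.last_accepted = {}   # package -> time its last request was accepted

    def _prune(self, now):
        # Forget expired timestamps so made-up package names cannot grow
        # this table without bound.
        expired = [p for p, t in self.last_accepted.items()
                   if now - t >= self.min_interval]
        for p in expired:
            del self.last_accepted[p]

    def request(self, package):
        """Return 'queued', 'already-queued' or 'rate-limited'."""
        now = self.clock()
        self._prune(now)
        if package in self.pending:          # job already queued: do nothing
            return "already-queued"
        if package in self.last_accepted:    # accepted less than a minute ago
            return "rate-limited"
        self.last_accepted[package] = now
        self.pending.add(package)
        self.queue.append(package)
        return "queued"

    def next_job(self):
        """Called by the rendering worker; returns a package name or None."""
        if not self.queue:
            return None
        package = self.queue.popleft()
        self.pending.discard(package)
        return package


if __name__ == "__main__":
    gate = RenderGate()
    # Constructed request sequence: the repeat for ext_a is absorbed.
    for name in ["ext_a", "ext_a", "ext_b"]:
        print(name, gate.request(name))
```

The rate limit still applies after the worker has taken the job off the queue, so a requester cannot force back-to-back renders of the same package by timing requests around the worker.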