Kurt D. Starsinic
kstar at orientation.com
Mon Apr 24 16:20:24 CDT 2000
On Sun, Apr 23, 2000 at 10:43:17AM +1000, Bron Gondwana wrote:
> > No limitation.. Feature.. ;-P
> > Throwing a throttle on connections is meant to limit situations where an
> > individual could attempt to bash the server (intentionally or other).
> It may be worth giving an option to either disable this altogether, or
> preferably on a per-user basis. I'm thinking about something like a
> print server or syslog setup where you want high speed at _all_ times
> often from a single "user".
> Otherwise, sounds like a good idea! Stop those id10t spammers.
A better solution might be to (optionally) make the client do some
hard work that the server can check easily, such as factoring a large
number chosen by the server:

    S: <jabber-response please-factor="21"/>
    C: <jabber-request please-factor="21" factor_a="3" factor_b="7">

Of course, substitute a suitable bignum in place of `21'.
Added work on the server side: generating bignums (and their
factorizations), managing a pool of same, checking factor_a and factor_b
on every request, making sure the challenge is currently in the pool,
issuing new challenges for failed responses.
Added work on the client side: keeping the most recent request in a
buffer in case it is challenged, factoring bignums, resending requests
that have been challenged.
Very minimal bignum support (integer multiplication only) is required
on client and server; one doesn't require a full-featured implementation.

The advantages are that, under high load, throttling is handled by the
client, instead of the server keeping per-client state; and throttling can
be per-client (privileged clients are offered non-expiring challenges, but
everybody else has to periodically respond to a new challenge; and/or
second-tier clients are given bigger nums to factor).
Thoughts? I wouldn't be averse to coding this up myself. I'm going
to be dealing with serious Jabber scaling issues soon . . . .
* Kurt Starsinic (kstar at orientation.com) ---------- Senior Network Engineer *
| `It is impossible to achieve the aim without suffering.' -- J. G. Bennett |
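
The challenge/response scheme proposed in the message above, sketched as an added example (not code from the original post or from the Jabber project). ChallengePool, client_factor and the prime list are hypothetical names and constructed values; the primes are small so the client side finishes instantly, where the post calls for a suitable bignum.

```python
import secrets
import time

# Constructed sample primes; the post calls for much larger numbers.
SMALL_PRIMES = [10007, 10009, 10037, 10039, 10061, 10067, 10069, 10079]


class ChallengePool:
    """Hypothetical server-side pool of outstanding factoring challenges."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}  # challenge n -> expiry time

    def issue(self):
        """Multiply two primes and remember only the product and its expiry."""
        n = secrets.choice(SMALL_PRIMES) * secrets.choice(SMALL_PRIMES)
        self.pending[n] = self.clock() + self.ttl
        return n

    def verify(self, n, factor_a, factor_b):
        """Check a response with one integer multiplication."""
        # Single use: the challenge leaves the pool whether or not it passes,
        # so a failed or replayed response needs a freshly issued challenge.
        expiry = self.pending.pop(n, None)
        if expiry is None or self.clock() > expiry:
            return False  # never issued, already used, or expired
        if factor_a <= 1 or factor_b <= 1:
            return False  # 1 * n multiplies out correctly but costs no work
        return factor_a * factor_b == n


def client_factor(n):
    """Client-side work: trial division, adequate for the demo-sized numbers."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    raise ValueError("n is prime; no non-trivial factorization")
```

The pool membership check and the rejection of factors of 1 are what keep the cheap multiplication test from being satisfied without doing the work.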