cocoon-dev mailing list archives

From Niclas Hedhman <nic...@hedhman.org>
Subject Re: ImageOpReader [ was; Community health]
Date Fri, 13 May 2005 12:46:19 GMT
On Friday 13 May 2005 20:21, Vadim Gritsenko wrote:
> Niclas Hedhman wrote:
> > On Friday 13 May 2005 13:27, Bertrand Delacretaz wrote:
> >>On 13 May 05, at 07:19, Niclas Hedhman wrote:
> >>>Can you explain this a bit further? Because I have no clue what you
> >>>think is the actual problem.
> >>
> >>I think Vadim sees a potential denial of service attack, if your system
> >>allows one to generate images of a very large size.
> >
> > Our test shows that;
> >  1. Image generation is in the sub-second range, even for really large
> > images. We hit the server 100 concurrent requests of sizes from 500-1500
> > px, and couldn't register any particular load.
>
> I used 4096 :-) Not sure if it will accept larger image size as well.

If you tried 4200 it would OOME :o)

> >  2. No matter how big sizes you generate, the bandwidth that the system
> > is connected to will 'run out' way before the CPU gets bogged down.
> > AFAIK, if I have a lot more bandwidth than you, I should be able to DoS
> > your system.
>
> DoS is not necessarily overloading CPU - overloading your channel is DoS
> too. If your channel has lots of bandwidth, then DDoS is the way to go :-)

But if I have more bandwidth than you I can always sink your channel, right? 
This is not really a URL issue at all. And it is not my problem :o)
The "fit with-in box" in the URL was a convenience.

> In your place, I personally would not accept arbitrary image size in the
> URL - even if I have it in the URL. I would limit access only to image
> sizes I want to allow. This reduces chance for abuse - and increases chance
> for cache hit (suppose you have zoom control with 5 positions and 1000
> positions: latter have higher probability of cache hit, former - higher
> probability of cache miss).

In reality, users will not hack URLs. Only geeks like you guys do that. ;o)
People in general click on the links available.

Another "hack" is that you give it a different extension, and you will get a 
different image format back as well, which also reduces the hit rate, by the 
same reasoning. But I must say that things like this make Cocoon Rock!

> > Since this came up, I will introduce a "max-size" parameter, with a
> > default in the 1000x1000 or so range.

> OT: Why square? Aren't photos ratio 4:3 or some such?

Ok, I make it 1280x1024...

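
The two mitigations discussed in this thread, a "max-size" cap and a restricted set of sizes, sketched as an added example; this is not code from the message or from Cocoon's ImageOpReader. The class and method names and the list of allowed widths are hypothetical; only the 1280x1024 cap comes from the thread.

```java
public final class BoundedImageSize {
    // Cap from the thread: the proposed "max-size" default of 1280x1024.
    static final int MAX_W = 1280, MAX_H = 1024;
    // Hypothetical allow-list of output widths (zoom steps), constructed for this example.
    static final int[] ALLOWED_WIDTHS = {160, 320, 640, 1024, 1280};

    /** Parses one size value from the URL; rejects anything but 1-5 digits, and zero. */
    static int parseDimension(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,5}")) {
            throw new IllegalArgumentException("bad dimension");
        }
        int v = Integer.parseInt(raw);
        if (v == 0) {
            throw new IllegalArgumentException("dimension must be positive");
        }
        return v;
    }

    /** Returns {width, height} to render for a source of srcW x srcH (both > 0). */
    static int[] boundedSize(int srcW, int srcH, String boxW, String boxH) {
        // Clamp the requested box to the cap before any pixel buffer is sized from it.
        int w = Math.min(parseDimension(boxW), MAX_W);
        int h = Math.min(parseDimension(boxH), MAX_H);
        // Fit within the box, keeping the aspect ratio and never upscaling.
        long fitW = Math.max(1, Math.min(srcW, Math.min(w, (long) h * srcW / srcH)));
        // Snap down to the largest allowed step so the cache sees only a few distinct sizes.
        long outW = fitW;
        for (int step : ALLOWED_WIDTHS) {
            if (step <= fitW) {
                outW = step;
            }
        }
        long outH = Math.max(1, (long) srcH * outW / srcW);
        return new int[] {(int) outW, (int) outH};
    }

    public static void main(String[] args) {
        // Constructed requests against a constructed 4000x3000 source image.
        String[][] boxes = {{"4200", "4200"}, {"500", "500"}, {"99999", "10"}};
        for (String[] b : boxes) {
            int[] s = boundedSize(4000, 3000, b[0], b[1]);
            System.out.println(b[0] + "x" + b[1] + " -> " + s[0] + "x" + s[1]);
        }
    }
}
```

Boxes that fit below the smallest allowed width are rendered at their fitted size rather than rounded up, so the output never exceeds the requested box or the cap.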