Date: Mon, 25 Mar 2013 08:14:21 +0400
Subject: Re: Input validation and limits
From: Alexander Shorin
To: "dev@couchdb.apache.org"

Hi Jason!

On Mon, Mar 25, 2013 at 7:22 AM, Jason Smith wrote:
> ## reCAPTCHA support
> ...
> ## Rate limiting

Wouldn't these things break bulk updates and replications? Both of them trigger vdu a lot, and letting them fail halfway just because they hit the update rate wouldn't be nice.

P.S. Currently, these questions could be solved via nginx in front of CouchDB + fail2ban. Maybe it would be better to integrate with existing tools? For example, providing an auth.log with successful and failed authentication attempts - fail2ban will be happy with this. Currently you have to live with verbose logs (or configure per-module logging, thanks to Jan!), which looks like a bit of overhead if you're interested only in auth problems.

--
,,,^..^,,,
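How a dedicated auth.log could be consumed by a fail2ban-style check, as an added example that is not part of the original message and not CouchDB or fail2ban code. The log line format, the sample lines and the function name `ips_to_ban` are assumptions made for illustration; `maxretry` and `findtime` mirror the fail2ban options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical auth.log line format (assumed here, CouchDB does not ship this log):
#   <ISO timestamp> <client ip> <user> <OK|FAIL>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<user>\S+) (?P<result>OK|FAIL)$"
)

# Constructed sample input, not real log data.
SAMPLE_LOG = """\
2013-03-25T04:00:00 192.0.2.10 replicator OK
2013-03-25T04:00:01 203.0.113.5 admin FAIL
2013-03-25T04:00:02 192.0.2.10 replicator OK
2013-03-25T04:00:03 203.0.113.5 admin FAIL
2013-03-25T04:00:04 203.0.113.5 root FAIL
2013-03-25T04:00:05 198.51.100.7 alice FAIL
2013-03-25T04:20:00 198.51.100.7 alice FAIL
2013-03-25T04:20:01 198.51.100.7 alice OK
this line is malformed and is skipped
"""

def ips_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL" or m["ip"] in banned:
            continue              # successes and malformed lines never count
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

Because only failed authentications are counted, the authenticated replication client in the sample is never a ban candidate however many requests it makes, which is the difference from a blanket update rate limit.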