roller-dev mailing list archives

From "(David) Ming Xia" <david.ming....@ibol.biz>
Subject Re: Roller's implementation on conditional Get
Date Wed, 26 May 2010 04:11:14 GMT
Hi, Dave.

   I took a look into it and I found another place that has very intensive database queries.

   RequestMappingFilter.doFilter() --> WeblogRequestMapper.handleRequest().

  RequestMappingFilter's URL mapping is /*, so it checks every HTTP request.

  WeblogRequestMapper.handleRequest() verifies ALL requests, I mean, including those CSS,
JS and image files, with named JPA queries.


  Actually, both PageServlet and RequestMappingFilter query the weblog by handle.  It looks
like the database is used as a hashtable in these two functions, while a database is usually used
for account data transactions and relational data management.

  Now for each web page request there are at least 'eleven' database queries, one for the
text/html content in PageServlet and ten requests in the mapping filter for everything including
the text/html.

  I feel that there could be even more database wires.  Since many people work on Roller
and everyone tends to add some more wires. 

   It seems that there should be a top-down design solution for this issue.   


    Like to hear something from you.


David

  

--- On Tue, 5/25/10, Dave <snoopdave@gmail.com> wrote:

From: Dave <snoopdave@gmail.com>
Subject: Re: Roller's implementation on conditional Get
To: user@roller.apache.org, david.ming.xia@ibol.biz
Date: Tuesday, May 25, 2010, 9:14 PM

On Tue, May 25, 2010 at 8:59 PM, (David) Ming Xia
<david.ming.xia@ibol.biz> wrote:
> Thank you very much Dave for your response.
>
>    You are right.  Only the text/html content is mapped to URI /roller-ui/rendering/page
> and caught by PageServlet and invoked JPA named query for weblog.   All the resource files
> are mapped to URI '/roller-ui/rendering/resources'.   Roller is very complicated, indeed.
>
>   Now I would like to ask one more question.  Now we know, for each query to a weblog
> page, there is going to be one named JPA query, or a database select query.  What if someone
> launches an attack on weblog pages on a Roller site?  While registration page and login page
> can be protected with captcha, weblog pages have to withstand whatever it is.  Now the bottleneck
> of Roller will be the database server.    Roller should be easily scaled up by different
> means such as clustering.
>
>   What do you think should we do to protect the Roller against an attack described above?
> Do you think it should be better if we use cache for last-modified?

Yes, caching last-modified for each weblog could help here -- you
could do this via relatively small changes to the PageServlet and I'd
recommend FeedServlet too.

- Dave
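
Added example, not part of the original thread and not Roller's code: a minimal in-memory last-modified cache of the kind suggested above, so that repeated conditional GETs for the same weblog are answered without a database query. The class `LastModifiedCache`, its methods, the `dbLookup` function standing in for the JPA named query, and the sample handle and timestamp are all assumptions made for illustration.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.ToLongFunction;

/** Hypothetical helper (not a Roller class): last-modified time per weblog handle. */
public class LastModifiedCache {
    private final ConcurrentHashMap<String, Long> byHandle = new ConcurrentHashMap<>();
    private final ToLongFunction<String> dbLookup; // stands in for the JPA named query
    private final int maxEntries;

    public LastModifiedCache(ToLongFunction<String> dbLookup, int maxEntries) {
        this.dbLookup = dbLookup;
        this.maxEntries = maxEntries;
    }

    /** Last-modified in ms, truncated to whole seconds like HTTP dates; hits the DB only on a miss. */
    public long lastModified(String handle) {
        // Crude size bound so a flood of distinct handles cannot grow the map without limit.
        if (byHandle.size() >= maxEntries && !byHandle.containsKey(handle)) {
            byHandle.clear();
        }
        return byHandle.computeIfAbsent(handle, h -> dbLookup.applyAsLong(h) / 1000 * 1000);
    }

    /** Call whenever an entry, comment or template of the weblog is saved. */
    public void invalidate(String handle) {
        byHandle.remove(handle);
    }

    /** ifModifiedSince is HttpServletRequest.getDateHeader("If-Modified-Since"), -1 when absent. */
    public boolean notModified(String handle, long ifModifiedSince) {
        return ifModifiedSince != -1 && lastModified(handle) <= ifModifiedSince;
    }

    public static void main(String[] args) {
        int[] queries = {0};
        long saved = 1274846400123L; // constructed timestamp
        LastModifiedCache cache =
            new LastModifiedCache(h -> { queries[0]++; return saved; }, 10_000);
        long header = saved / 1000 * 1000; // what a browser echoes back from Last-Modified
        int notModified = 0;
        for (int i = 0; i < 1000; i++) {
            if (cache.notModified("myblog", header)) notModified++;
        }
        System.out.println("304 responses: " + notModified + ", database queries: " + queries[0]);
        cache.invalidate("myblog"); // a new post was saved
        cache.notModified("myblog", header);
        System.out.println("database queries after invalidate: " + queries[0]);
    }
}
```

In a clustered deployment each node would hold its own copy, so invalidation would have to be propagated between nodes or the entries given a short expiry.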
