roller-user mailing list archives

From Dave <snoopd...@gmail.com>
Subject Re: Roller's implementation on conditional Get
Date Wed, 26 May 2010 01:14:10 GMT
On Tue, May 25, 2010 at 8:59 PM, (David) Ming Xia
<david.ming.xia@ibol.biz> wrote:
> Thank you very much Dave for your response.
>
> You are right. Only the text/html content is mapped to URI
> /roller-ui/rendering/page and caught by PageServlet, which invokes the JPA
> named query for the weblog. All the resource files are mapped to URI
> '/roller-ui/rendering/resources'. Roller is very complicated, indeed.
>
> Now I would like to ask one more question. Now we know, for each query to
> a weblog page, there is going to be one named JPA query, or a database
> select query. What if someone launches an attack on weblog pages on a Roller
> site? While the registration page and login page can be protected with
> captcha, weblog pages have to withstand whatever it is. Now the bottleneck
> of Roller will be the database server. Roller should be easily scaled up by
> different means such as clustering.
>
> What do you think we should do to protect Roller against the attack
> described above? Do you think it would be better if we use a cache for
> last-modified?

Yes, caching last-modified for each weblog could help here -- you
could do this via relatively small changes to the PageServlet and I'd
recommend FeedServlet too.

- Dave
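
One way to cache last-modified per weblog as suggested in the reply above, as an added example that is not Roller's code or part of the original message. `LastModifiedCache`, its loader callback (a stand-in for the JPA named query), the TTL, and the sample handle and timestamp are all hypothetical; it uses only JDK classes (Java 16+).

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.ToLongFunction;

// Added example (not Roller code): per-weblog Last-Modified cache for conditional GET.
public class LastModifiedCache {
    private record Entry(long lastModified, long loadedAt) {}

    private final ConcurrentHashMap<String, Entry> cache = new ConcurrentHashMap<>();
    private final ToLongFunction<String> loader; // hypothetical stand-in for the JPA named query
    private final long ttlMillis;

    public LastModifiedCache(ToLongFunction<String> loader, long ttlMillis) {
        this.loader = loader;
        this.ttlMillis = ttlMillis;
    }

    // Runs the loader only on a miss or an expired entry. compute() is atomic per key,
    // so a burst of requests for one weblog causes a single query, not one per request.
    // Handles come from the URL, so cap the map size or cache only existing weblogs.
    public long lastModified(String handle, long now) {
        return cache.compute(handle, (k, old) ->
            (old != null && now - old.loadedAt() < ttlMillis)
                ? old
                : new Entry(loader.applyAsLong(k), now)).lastModified();
    }

    // Call when an entry or comment is saved so the next request sees the new time.
    public void invalidate(String handle) { cache.remove(handle); }

    // True when a 304 can be sent. ifModifiedSince is the parsed header in millis,
    // or -1 when absent (what HttpServletRequest.getDateHeader returns in that case).
    public boolean notModified(String handle, long ifModifiedSince, long now) {
        if (ifModifiedSince < 0) return false;
        // HTTP dates have one-second resolution, so compare whole seconds.
        return lastModified(handle, now) / 1000 <= ifModifiedSince / 1000;
    }

    public static void main(String[] args) {
        AtomicInteger queries = new AtomicInteger();
        long stamp = 1274836450000L; // constructed sample last-modified time
        LastModifiedCache c = new LastModifiedCache(
            h -> { queries.incrementAndGet(); return stamp; }, 60_000);
        int sent304 = 0;
        for (int i = 0; i < 10_000; i++) { // repeated conditional GETs for one weblog
            if (c.notModified("sampleblog", stamp, stamp + 5_000 + i)) sent304++;
        }
        System.out.println(sent304 + " x 304, loader queries: " + queries.get());
    }
}
```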
