ietf-nntp Multiple AUTHINFOs per session
Ken Murchison
ken at oceana.com
Mon Jan 6 07:00:23 PST 2003
Ade Lovett wrote:
>
> On 01/05/03 22:16, "Russ Allbery" <rra at stanford.edu> wrote:
> > You can DoS a server a whole bunch of different ways, starting from
> > opening a ton of connections and working your way up through the protocol.
> > The server has to detect people who are doing things like that and cut
> > them off if this is a problem.
>
> Right. Which is relatively easy to do within a single connection, like
> someone doing GROUP <group.with.lots.of.articles.#1>, GROUP <group.#2>, etc.
>
> However, the fact that a new instantiation of the client is being suggested
> when a client re-authenticates is a blatantly obvious way of killing a
> server, unless serious amounts of state are saved on a reauth, which kinda
> defeats the purpose of the whole thing.
>
> It's more a case of a solution sounds ok, but then turns out to be
> inherently unscalable, causing everyone needless pain (the rift between
> server and client developers is big enough as it is :()
>
> > I don't personally see much practical use for reauthenticating as a
> > different user, though.
>
> Ditto. If a client really needs two (or more) different streams to the same
> news server, with different authentication credentials, then that is
> entirely a client-issue (ie: it opens up the necessary connections, with
> differing AUTHINFO * stuff), and not something that the server should be
> dealing with.
That was my point exactly, so why are you busting my chops?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp