On 04/14/2013 01:02 PM, Marc Delisle wrote:
> On 2013-04-12 16:02, Rouslan Placella wrote:
>> - No need for authentication, either. AFAIK, there is no way that we can check if the request is valid, as phpMyAdmin users are not known to us. The worst-case scenario that I can think of here is dealing with a DoS attack.
>
> Isn't this a threat big enough to cancel this project?
Well, no, it's not that big of a deal as far as I can see. First, this is not likely, but then we'll just need to rate-limit requests. A per-IP limit would help here, but we might also want to have a global limit to help with the possibility of distributed attacks. After the limit is reached, a request would just get a "429 Too Many Requests", and the client, of course, will know how to deal with that.
Bye, Rouslan
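
The per-IP limit combined with a global limit, as described in the message above, sketched in Python as an added example that is not part of the original thread or of phpMyAdmin's code. The class name, the limits and the 60-second window are assumptions chosen for illustration.

```python
import math
import time
from collections import deque


class ReportRateLimiter:
    """Sliding-window limiter: a per-IP cap plus a global cap (names are hypothetical)."""

    def __init__(self, per_ip_limit, global_limit, window=60.0, clock=time.monotonic):
        if per_ip_limit < 1 or global_limit < 1:
            raise ValueError("limits must be at least 1")
        self.per_ip_limit = per_ip_limit
        self.global_limit = global_limit
        self.window = window
        self.clock = clock          # injectable so the limiter can be tested
        self.all_hits = deque()     # (timestamp, ip) of every accepted request
        self.per_ip = {}            # ip -> deque of accepted timestamps

    def _expire(self, now):
        # Every accepted request is in both structures, so draining the global
        # queue also drains the per-IP queues and keeps memory bounded by
        # global_limit entries, even when many distinct addresses are seen.
        while self.all_hits and now - self.all_hits[0][0] >= self.window:
            _, ip = self.all_hits.popleft()
            hits = self.per_ip[ip]
            hits.popleft()
            if not hits:
                del self.per_ip[ip]

    def check(self, ip):
        """Return (http_status, retry_after_seconds) for one request from ip."""
        now = self.clock()
        self._expire(now)
        ip_hits = self.per_ip.get(ip, ())
        if len(ip_hits) >= self.per_ip_limit:          # one noisy client
            oldest = ip_hits[0]
        elif len(self.all_hits) >= self.global_limit:  # many clients at once
            oldest = self.all_hits[0][0]
        else:
            self.per_ip.setdefault(ip, deque()).append(now)
            self.all_hits.append((now, ip))
            return 200, 0
        # Rejected requests are not recorded, so they cost no memory.
        return 429, max(1, math.ceil(self.window - (now - oldest)))
```

The second value of a 429 result is suitable for a `Retry-After` header. The address passed to `check()` has to be the connection's peer address or come from a trusted proxy, otherwise the per-IP cap can be sidestepped and only the global cap applies.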