[Phpmyadmin-devel] GSoC Project - AJAX Error Reporting
Rouslan Placella
rouslan at placella.com
Sun Apr 14 15:56:32 CEST 2013
On 04/14/2013 01:02 PM, Marc Delisle wrote:
> Le 2013-04-12 16:02, Rouslan Placella a écrit :
>
>> 3) No need for authentication, either. AFAIK, there is no way that we
>> can check if the request is valid, as phpMyAdmin users are not known to
>> us. The worst case scenario that I can think of here, is dealing with a
>> DoS attack.
>
> Isn't this a threat big enough to cancel this project?
Well, no, it's not that big of a deal as far as I can see. First, this
is not likely, but then we'll just need to rate-limit requests. A per-IP
limit would help here, but we might also want to have a global limit to
help with the possibility of distributed attacks. After the limit is reached
a request would just get a "429 Too Many Requests", and the client, of
course, will know how to deal with that.
Bye,
Rouslan
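
Added example, not part of the original message and not phpMyAdmin project code: a minimal sketch of the scheme described above, with a per-IP limit and a global limit that both answer "429 Too Many Requests" once reached. The class name, the sliding-window approach, the `Retry-After` header, the 200 success status and the sample addresses are assumptions; both limits are assumed to be at least 1.

```python
import math
import time
from collections import deque


class ReportRateLimiter:
    """Sliding-window limiter with a per-IP ceiling and a global ceiling."""

    def __init__(self, per_ip_limit, global_limit, window_s, clock=time.monotonic):
        self.per_ip_limit = per_ip_limit
        self.global_limit = global_limit
        self.window_s = window_s
        self.clock = clock
        self._global = deque()   # (timestamp, ip) of every accepted request
        self._per_ip = {}        # ip -> deque of accepted timestamps

    def _expire(self, now):
        # Every accepted request sits in both structures, so the oldest
        # global entry is also the oldest entry of its IP's queue.
        while self._global and now - self._global[0][0] >= self.window_s:
            _, ip = self._global.popleft()
            q = self._per_ip[ip]
            q.popleft()
            if not q:
                del self._per_ip[ip]   # keeps memory bounded by global_limit

    def _reject(self, oldest, now):
        # Tell the client when the oldest counted request leaves the window.
        wait = max(1, math.ceil(oldest + self.window_s - now))
        return 429, {"Retry-After": str(wait)}

    def check(self, ip):
        """Return (status, headers) for one incoming report from `ip`."""
        now = self.clock()
        self._expire(now)
        q = self._per_ip.get(ip)
        # Per-IP test first; rejected requests are never recorded, so one
        # noisy client cannot use up the global budget for everyone else.
        if q is not None and len(q) >= self.per_ip_limit:
            return self._reject(q[0], now)
        if len(self._global) >= self.global_limit:
            return self._reject(self._global[0][0], now)
        self._global.append((now, ip))
        self._per_ip.setdefault(ip, deque()).append(now)
        return 200, {}   # assumed success status; the thread does not name one
```

Because only accepted requests are stored, the limiter's memory use is capped by the global limit no matter how many distinct source addresses send requests.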