Date: Wed, 7 Apr 1999 11:40:47 -0700 (MST)
From: Ryan Mooney <ryan@pcslink.com>
To: stuart@eclipse.net.uk (Stuart Henderson)
Cc: leifn@neland.dk, danny@hilink.com.au, wcooley@nakedape.navi.net, freebsd-isp@FreeBSD.ORG
Subject: Re: Web Based Script
Message-ID: <199904071840.LAA11203@pcslink.com>
In-Reply-To: <370B9C55.A7CE4059@eclipse.net.uk> from Stuart Henderson at "Apr 7, 99 06:56:37 pm"
> > Yes but "clever hacker"(TM) can run multiple requests
> > in parallel for either one which basically renders the
> > whole delay thing of questionable value.
>
> ahhh - if you are running from inetd then POP is better in that respect
> as you can limit the number of connections per IP address,

Good point.

> in *that* case, then that is something httpd coders might want to think
> about (only on unauthenticated or bad attempts to login to a
> password-protected server).

Not a bad idea, this would slow down unfriendly robots too... Maybe
some kind of threshold where if you see more than N requests/Y time
you start inserting gradually increasing delays until the requests/Y
fall below N (sort of like the thttpd traffic shaping, but more dynamic).

This could really help a lot of services like that... Some sort of
persistent pop daemon (not qpopper :) that understood connection limiting
could help the "connect every minute" weenies, does cuici (sp?) pop do that?

> still not ideal, because "clever hacker"
> could be changing the source to any of <insert number of hardware
> virtual servers on some machine "clever hacker" has owned> IP addresses,
> but it does make it a bit more tricky for them.

Yeah, I've always believed in "good enough" security, you make your stuff
hard enough to get into that they go bother someone else (of course the
bar keeps getting raised).

> as you say, if Joe Luser knew what an ssl client cert was ... :)

>-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
Ryan Mooney    Phone (602)265-9188
PCSLink    ryan@pcslink.com    Internet Services
NT is an excellent choice for managers who need to show that they used
up their fiscal year budget for hardware/software expenditures.
<-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=->

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
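The threshold-and-escalating-delay idea from the message above, sketched as an added example that is not part of the original e-mail or of any server named in it. The class name, parameter names, the doubling growth and the delay cap are assumptions made for illustration; the addresses and the fake clock in the demo are constructed.

```python
import time
from collections import defaultdict, deque


class ProgressiveThrottle:
    """Per-source delay that grows while a source exceeds N events per window."""

    def __init__(self, n=5, window=60.0, base_delay=0.5, max_delay=30.0,
                 clock=time.monotonic):
        self.n = n                    # N: events tolerated per window
        self.window = window          # Y: window length in seconds
        self.base_delay = base_delay  # delay for the first event over N
        self.max_delay = max_delay    # cap so a worker is never held forever
        self.clock = clock
        self.events = defaultdict(deque)  # source -> timestamps of recent events

    def _prune(self, source, now):
        q = self.events[source]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def record(self, source):
        """Count one failed/unauthenticated request; return seconds to delay it."""
        now = self.clock()
        q = self._prune(source, now)
        # Count at arrival, before sleeping, so parallel requests from the
        # same source each push the delay up instead of bypassing it.
        q.append(now)
        excess = len(q) - self.n
        if excess <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (excess - 1), self.max_delay)

    def sweep(self):
        """Drop idle sources so the table cannot grow without bound."""
        now = self.clock()
        for source in list(self.events):
            if not self._prune(source, now):
                del self.events[source]


if __name__ == "__main__":
    t = [0.0]                         # constructed fake clock for the demo
    th = ProgressiveThrottle(n=3, window=10.0, clock=lambda: t[0])
    for i in range(6):                # constructed burst from one address
        print(i, th.record("192.0.2.10"))
        t[0] += 1.0
```

The server would call `record` only for unauthenticated or failed login requests and wait the returned number of seconds before answering; the delay falls back to zero on its own once the source's count in the window drops to N or below.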