[dev] [commits] Horde branch master updated. caa4af675a2be98a597c237189022da45b97c3d5
Michael M Slusarz
slusarz at horde.org
Mon Jun 10 20:16:45 UTC 2013
Quoting Michael M Slusarz <slusarz at horde.org>:
> Quoting Jan Schneider <jan at horde.org>:
>
>> Quoting Michael M Slusarz <slusarz at horde.org>:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> Quoting Michael M Slusarz <slusarz at horde.org>:
>>>>
>>>>> The branch "master" has been updated.
>>>>> The following is a summary of the commits.
>>>>>
>>>>> from: 21f4a6dc23769d29d60a43cb1d6487025b32fa4a
>>>>>
>>>>> a9ee0b4 [mms] Mailbox imports are now limited to 500 messages by default.
>>>>
>>>> Please move this to 6.2.
>>>
>>> Why? This is a security/DoS fix.
>>
>> How is that a security fix? And a DOS could easily be approached
>> with setting a maximum execution time in the PHP configuration.
>
> I can bring down my server when importing a file with, say, 10,000
> messages. Maximum execution time will NOT do anything for this - at
> least it doesn't in my testing. Regardless, that's not the correct
> way of fixing this either: a user could just keep opening windows
> and trying to import the file.

This appears to be the issue (TCP_NODELAY):
http://aboutsimon.com/2012/07/27/python-tcp-socket-performance-tweak-on-linux/

Unfortunately, there is currently no way to enable TCP_NODELAY on
socket streams:
https://bugs.php.net/bug.php?id=51879&edit=1

Unless/until that happens, we must limit importing.

michael
___________________________________
Michael Slusarz [slusarz at horde.org]