[Seaside] Goods connection limit
cdshaffer at acm.org
Wed Sep 7 23:09:34 CEST 2005
I just ran the "wget" loop on one of my production apps (my development
version of it, that is) that uses GOODS. No problems up to 850
connections. Didn't try to go beyond that. I'm running on Gentoo
Linux. You? In Linux, without some adjustments, processes are limited
to 1024 open file descriptors. You can raise the limit by playing with
some /proc file, sorry, I forget the details. Note that plain old
"ulimit -n 9999" may make it seem like the limit was raised (ulimit -a
reports the larger limit) when in fact the kernel still imposes it. So,
a DoS still wouldn't be very difficult. I've got to run but would like
to see this discussion continue. I don't think limiting connections
from one IP would work since many places proxy through a single IP. Our
college, for example, appears as one IP to the outside world. Still, as
long as the limit was high enough it might be better than nothing.
William E Harford wrote:
> I created a subclass of WASession to handle a connection to GOODS. It
> allows me easy and almost transparent access to persistent storage.
> This seems to be a very common way to handle GOODS with Seaside.
> I have come across a problem in which I am not too sure there is a
> perfect solution to. For some reason goods will only allow about 200
> connections. After that my Seaside apps (the ones whose sessions have
> not connected to the database) will lockup and wait for goods to allow
> new connections; after some stale sessions have been unregistered.
> We plan on servicing much more than 200 concurrent users so this is a
> bit of a problem. Also to DOS a Seaside application that relies on
> GOODS is trivial. A simple `while true; do wget
> "http://bla.ca/seaside/bla"; done` will do it.
> I tried initiating a GOODS connection at the start of a continuation
> and ending it at the end of a continuation but this caused major
> problems and crashed the image (understandable). Even if I could make
> this work or is even possible I don't think this would be such a good
> solution because I would lose the local cache (right?).
> I am starting to think I have 2 distinct problems and it will require
> 2 distinct solutions.
> 1) Allowing > 1000 concurrent database connections.
> I can't seem to find a way to tell goods to allow more than ~200
> connections. I don't see any reason why GOODS cannot allow thousands
> or even tens of thousands (given enough fire power) of connections.
> 2) Limit the ability for someone to DOS our applications. This could
> be something as simple as limiting the number of connections from an
> IP address.
> Any ideas on how I could best handle this?
> William E Harford <seaside at harford.org>
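One way to check the descriptor limit the kernel applies to a running server process, rather than what `ulimit -a` prints in some shell, is to read that process's own `/proc/<pid>/limits` and count its open descriptors. This is an added example, not code from the thread; it assumes Linux with `/proc`, the function names are hypothetical, and the sample data is constructed from the numbers mentioned above.

```shell
#!/bin/sh
# Added example: report how close a process is to its open-file limit.
# Assumes Linux /proc; all function names here are hypothetical.

# Print the soft "Max open files" value from a /proc/<pid>/limits-format file.
nofile_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Count entries in a /proc/<pid>/fd-style directory (one entry per open fd).
open_fd_count() {
    ls -1 "$1" 2>/dev/null | wc -l | tr -d ' '
}

# fd_status <limits_file> <fd_dir> [warn_percent]
# Prints "OK used/limit" or "WARN used/limit"; returns 1 on WARN and
# 2 when the limit or the fd directory cannot be read (e.g. other user's pid).
fd_status() {
    warn=${3:-80}
    [ -r "$1" ] && [ -r "$2" ] || { echo "UNKNOWN ?/?"; return 2; }
    limit=$(nofile_soft_limit "$1")
    used=$(open_fd_count "$2")
    case "$limit" in
        ''|*[!0-9]*) echo "UNKNOWN $used/?"; return 2 ;;
    esac
    if [ $((used * 100)) -ge $((limit * warn)) ]; then
        echo "WARN $used/$limit"; return 1
    fi
    echo "OK $used/$limit"
}

# Build a constructed stand-in for /proc/<pid> with <nfds> fake descriptors,
# so the functions above can be exercised without a live server.
make_sample() {
    dir=$1; nfds=$2
    mkdir -p "$dir/fd"
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            1024                 4096                 files' \
        > "$dir/limits"
    i=0
    while [ "$i" -lt "$nfds" ]; do : > "$dir/fd/$i"; i=$((i + 1)); done
}

# Against a live process: sh this_script.sh <pid>
if [ -n "${1:-}" ]; then fd_status "/proc/$1/limits" "/proc/$1/fd"; fi
```

Run periodically against the Seaside image and GOODS server pids, a WARN result gives notice before new connections start failing at the descriptor limit.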