On Wed, Feb 6, 2013 at 8:54 AM, Gabriel Wicke
<gwicke(a)wikimedia.org> wrote:
Local HTTP requests have pretty low overhead
(1-2ms), but api.php
suffers from high start-up costs (35-40ms). This is more an issue with
api.php and the PHP execution model than with HTTP though, and might be
improved in the future.
I would vote against local http requests, if we can avoid it. They can
certainly be done safely if you design them correctly, but for
example, you write a write a lua template, that calls an api that uses
the same lua template that calls the api,... single request DoS!
(That's usually trivially addressed by, say, including a counter in some
request header and refusing to serve requests where the recursion goes
beyond some configured limit. And it is usually possible to do this at a
very high level, so that should not be a major concern.)