On Wed, Feb 6, 2013 at 10:04 AM, Bjoern Hoehrmann derhoermi@gmx.net wrote:
- Chris Steipp wrote:
On Wed, Feb 6, 2013 at 8:54 AM, Gabriel Wicke gwicke@wikimedia.org wrote:
Local HTTP requests have pretty low overhead (1-2ms), but api.php suffers from high start-up costs (35-40ms). This is more an issue with api.php and the PHP execution model than with HTTP though, and might be improved in the future.
I would vote against local http requests, if we can avoid it. They can certainly be done safely if you design them correctly, but for example, you write a write a lua template, that calls an api that uses the same lua template that calls the api,... single request DoS!
(That's usually trivially addressed by, say, including a counter in some request header and refusing to serve requests where the recursion goes beyond some configured limit. And it is usually possible to do this at a very high level, so that should not be a major concern.)
I totally agree, but that was just the first attack that popped into my head. There are many more I'm sure.
In general, it seems to me like there will be more attacks opened up by having lua open network requests to the api, than there would be by defining an internal api. But if that turns out to be the best way to handle it, then we'll just need to spend the time making sure it's done in a safe way.
-- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l