[Info-vax] Python for x86?
Dave Froble
davef at tsoft-inc.com
Tue Apr 18 08:41:39 EDT 2023
On 4/18/2023 8:17 AM, Simon Clubley wrote:
> On 2023-04-18, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>
>> I misunderstood the problem.
>>
>
> I'm not convinced you did. The client still managed to open 1000s of
> connections based on David's description. That's exactly where
> server-enforced rate limiting should have kicked in.
>
> Simon.
>
Ok, probably not explained well by me.
The response time for clients using the web server was poor, to say the least.
The server(s) had no problem. The hacker first tried to blame the server(s),
because it took so long to load all the product info. That's when we were
called in. But our logs showed the server was processing connection requests
just fine. The logs also showed the volume of connection requests, and that's
when we took a look at what the hacker was doing, and pointed him at the docs.
Once the hacker batched his requests, i.e., included all products in one
connection request, his application worked fine.
So, the problem was the hacker not researching his solution adequately. That
gets back to the concept of "gee, it sure would be nice if he knew what he was
doing". A "real programmer" would have considered things a bit better.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486