[rabbitmq-discuss] Login woes with the Ruby amqp library

Mathias Meyer meyer at paperplanes.de
Wed Jul 22 19:47:38 BST 2009


On Wed, Jul 22, 2009 at 3:55 PM, Tony Garnock-Jones<tonyg at lshift.net> wrote:
> You're quite right -- that's pretty terrible. We've filed a bug to
> change this so that auth failures end up holding the connection open for
> a few seconds before closing the socket. This will help avoid accidental
> DoSs of this kind. (Libraries of course can still be improved along the
> lines I suggested in my previous message, independent of server changes
> like this.)
>
>From my point of view, something like this would make sense. While
it's feasable to fix client libraries accordingly, there's nothing
standing in the way of a rogue client trying to bog down the server.
We will add a firewall rule, just to be sure that one client can't
connect more than say once per second, but in general it would be a
useful addition to the server itself to not return immediately.

Thanks!

Cheers, Mathias
-- 
http://paperplanes.de | http://holgarific.net
http://twitter.com/roidrage




More information about the rabbitmq-discuss mailing list