Section 9.1.2 says that an ALTO server MUST provide a full cost map. Full
cost maps increase as the square of the number of PIDs, so they can be
very large -- 10s, even 100s of megabytes. So if a server has a large
number of PIDs, it's trivial to overload the server by flooding it with
simple GETs.

Granted, a server can defend itself by cutting off a client who issues "too
many" full cost map requests "too quickly". But that's a pain to
implement. And attacks can come from a swarm of clients, of course.

However, we could avoid that class of attack altogether by making full
cost maps optional, rather than required. And allow servers to limit the
number of source/destination pairs in a filtered request, of course.

What do you folks think about that?

Incidentally, my experience has been that a full cost-map for (say) 2000
PIDs can overwhelm standard JSON libraries. The client may need a custom
parser to handle that large a map.

        - Wendy Roome
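
The pair limit proposed in the message above, sketched as an added example (not part of the original message or of any ALTO implementation). It assumes the ALTO filtered cost map request shape, where the body carries `pids.srcs` and `pids.dsts` and an empty or missing list selects every PID; `MAX_PAIRS`, `pair_count` and `check_request` are hypothetical names, and the 2000-PID network is constructed.

```python
import json

MAX_PAIRS = 10_000  # assumed server policy value, not taken from the ALTO spec


class RequestTooLarge(Exception):
    """The filtered request asks for more (src, dst) pairs than the budget."""


def pair_count(request_body: str, network_pids: set) -> int:
    """Number of cost entries a filtered cost map request would produce."""
    pids = json.loads(request_body).get("pids") or {}
    srcs = pids.get("srcs") or []
    dsts = pids.get("dsts") or []
    if not isinstance(srcs, list) or not isinstance(dsts, list):
        raise ValueError("srcs and dsts must be JSON arrays")

    def selected(names):
        # An empty list means "all PIDs": count it as the full set, otherwise
        # an empty filter is a full cost map that slips past the limit.
        if not names:
            return len(network_pids)
        # Ignore unknown PIDs and duplicates; they produce no entries.
        return len({n for n in names if isinstance(n, str)} & network_pids)

    return selected(srcs) * selected(dsts)


def check_request(request_body: str, network_pids: set,
                  max_pairs: int = MAX_PAIRS) -> int:
    """Return the pair count, or raise before any cost map is built."""
    n = pair_count(request_body, network_pids)
    if n > max_pairs:
        raise RequestTooLarge(f"{n} pairs requested, limit is {max_pairs}")
    return n


if __name__ == "__main__":
    network = {f"pid{i}" for i in range(2000)}  # constructed 2000-PID network
    samples = [  # constructed request bodies
        '{"pids": {"srcs": ["pid1", "pid2", "pid3"], "dsts": ["pid7", "pid8"]}}',
        '{"pids": {"srcs": ["pid1"], "dsts": []}}',
        '{"pids": {"srcs": [], "dsts": []}}',
    ]
    for body in samples:
        try:
            print(check_request(body, network), "pairs: allowed")
        except RequestTooLarge as err:
            print("rejected:", err)
```

The count is computed from the request alone, so the server can refuse an oversized filter before it allocates or serializes anything.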

