Pete Rowley wrote: > Robert Yates wrote: > >> Isn't amazon's thread (the thread servicing my login attempt) blocked >> on those two requests? > > One thread can be made to handle all such requests, so yes, the thread > would be blocked, but it wouldn't scale to a denial of service through > thread exhaustion - file handles are another matter, but again this is > an implementation detail which can be coded for, rather than an inherent > weakness in the protocol. It might be useful to identify such forms of > attack in order that such implementation traps are avoided for any > officially designated DIX protocol.
Furthermore, if you use a RESTish model, you don't need to have any thread awaiting at amazon if you pass forth and back a cryptographically protected session id... -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Red.es - RedIRIS The Spanish NREN e-mail: [EMAIL PROTECTED] jid: [EMAIL PROTECTED] Tel: +34 955 056 621 Mobile: +34 669 898 094 ----------------------------------------- _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
