Following up.
You checked in a slightly different version of patch 6 and released it
with 1.1.8. We will test your solution for this and adopt it if it
works.
We will update our code to honor both the idle timeout and the auth
failure delay, to avoid the DoS situation you described, sinc
If you start renaming API functions, rename all of them for
consistency. :)
Agreed, but when changing code on a branch, minimizing code deltas
makes merging easier.
Your code disabled idle timeout entirely
Yeah, probably not a good idea. If I had realized that I probably
would have ju
On Wed, 2008-12-17 at 09:35 -0600, Mike Abbott wrote:
> Here are a few more patches. Still keeping it easy for now. Again
> the basis for these patches is dovecot-1.1.7.
>
> Patch #6. Solve a cross-compilation endianness issue. Currently,
> Dovecot assumes that the endianness of the build
dovecot-auth already does internally a 0-2 second failure delay
The request for this feature specifically called for an increasing
backoff. As always, if you have a better way, go for it.
-#ifndef WORDS_BIGENDIAN
+#if !WORDS_BIGENDIAN
Is this change (and similar ones below) really necessary ?
Yes, since WORDS_BIGENDIAN is defined as __BIG_ENDIAN__ which is
always defined (either 0 or 1), not undef-or-1 like other parameters.
On 352, 12 17, 2008 at 09:35:16AM -0600, Mike Abbott wrote:
> Here are a few more patches. Still keeping it easy for now. Again
> the basis for these patches is dovecot-1.1.7.
>
> Patch #6. Solve a cross-compilation endianness issue. Currently,
> Dovecot assumes that the endianness of the
On Dec 17, 2008, at 5:47 PM, Jose Celestino wrote:
Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
Here are a few more patches. Still keeping it easy for now. Again
the
basis for these patches is dovecot-1.1.7.
[...]
Patch #8. Back off after auth failures to deter abusers.
Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
> Here are a few more patches. Still keeping it easy for now. Again the
> basis for these patches is dovecot-1.1.7.
>
[...]
> Patch #8. Back off after auth failures to deter abusers. Stalls 5
> seconds per failed attempt.
Can you
Here are a few more patches. Still keeping it easy for now. Again
the basis for these patches is dovecot-1.1.7.
Patch #6. Solve a cross-compilation endianness issue. Currently,
Dovecot assumes that the endianness of the build system is the same as
the endianness of the runtime system.
