Would it be a good idea to be able to specify the pagestore limits on a per-wicket-session base?
So you could for example increase the page store limits once a user has successfully authenticated. DoS web clients usually don't go through the mess to authenticate first. Also multiple authentications of the same user could be easily detected. So DoS should be a little harder. Am 07.01.2010 um 17:05 schrieb Johan Compagner: > what is the definition of an overloaded pagestore? > if the page store can be overloaded (so more then it should load) then it is > a bug of wicket. > But even if you get a dos attack then max 10MB per user will be allocated > yes, but thats not overloading in my point of view. > you could always decrease it so thats it is not max 10MB > > On Thu, Jan 7, 2010 at 14:29, manuelbarzi <manuelba...@gmail.com> wrote: > >> if this is the behaviour by default, then, how do you avoid a DoS attack? i >> mean, to put an example, if a simple app like this receives thousand of >> users just refreshing the home page, then the pagestore will be >> overloaded... may this become a disk I/O overhead and its other possible >> consequences. >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
