Hi Sam,
On Thu, Dec 20, 2001 at 05:39:16PM -0500, Sam Varshavchik wrote:
> Stephane Enten writes:
>
> >On Fri, Dec 07, 2001 at 03:35:37PM +0100, Olivier Poitrey wrote:
> > > Hello,
> > >
> > > Authdaemon system don't seem to have any cache system. For authmethod
> > that
> > > need database access, I think that it's not really powerfull. What about
> > > implementing a cache mechanism in authdaemon ?
> > >
> > > I'm sorry if it is already in the TODO list.
> >
> >What about this unanswered request ?
> >
> >I think many of us using some database (ie. MySQL or LDAP) would really
> >like to have authdaemond make use of the fact that he's persistant.
>
> It already does. It keeps a persistent database connection open.
And he's nice to do so.
If he didn't I hope you would probably had make it a library instead.
> >When it comes to tens or hundreds of queries per second, having some
> >caching would save us some serious load on the database server(s).
>
> Before you design these kinds of grandiose schemes, try to do some analysis
> first. Caching will only work if you get the same requests, over and over
> again. Unless you have lusers that try to log in hundreds of times per
> second, caching only adds unnecessary complexity, opportunities for more
> bugs to fester around, and you won't end up saving anything since nearly
> every request won't be found in the cache, and you end up going to the DB
> anyway.
Well, in the real world I meet daily, users are checking their mails
every few seconds or minutes, my servers have plenty of RAM and I would
hope that using this RAM to cache, even a *lot* of authentication
entries could help my database servers to life more idle-y.
That said, I understand your point of view ... are your against the DNS
caching concept too ?
> So, exactly what do you expect to get from caching, really?
Well, given a million of users (or more) in the DB, and that a majority
of users are living their mails as a session (ie. they start
reading/answering their mails, then stop and do something else, or even
disconnect if they are on dialup), I guess that some windows are created,
and that a cache could cope with that.
> >Another great benefit of a caching engine would be that DoS'ing the
> >database by hammering the services with authentification requests would
> >become a lot more difficult.
>
> There are other things in both the IMAP, POP3, ESMTP, and Webmail servers
> that are designed to prevent these kinds of attacks.
Are you talking about the MAXPERIP option that we can't omit without
seeing -maxperip complaining about the lack of value ? :)
(tried to set as a value of 0, complained the same way)
Sadly enouht, I can't use that since I can't set them at a reasonable
value unless I have my customers behind some NAT (and belive me hundreds
of employees NAT'd as a single IP isn't that unusuall) wanting to burn
my house.
Regards,
Stephane
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
