On Mon, 18 Jun 2018 00:01:33 +0300 John Found <johnfo...@asm32.info> wrote:
> > Please no, this would be real security nightmare. Anyone can attack any
> > fossil public repo then by simple DoS. Do not ever allow anonymous to play
> > with your pristine repository! If anon needs to "push" something, then
> > he/she needs to make his/her repo public and *you* can investigate the
> > patch of her/him first.
> >
> > Thanks,
> > Karel
>
> At first it seems you underestimate the ability of fossil to withstand high
> load. But then, there are many ways to overload web server without pushing
> bundles. My experience is that fossil is pretty hard to be overloaded, even
> on very lightweight servers.

I've not been talking about DoS using CPU consumption, but rather about DoS
based on disk size consumption. Is it that hard to create a bundle
automatically and then push that to the remote server and do that in a loop to
consume all the drive space? Let's see then how the underlying OS stops logging
into /var/log due to the partition being shared with /fossil data. Will all the
important daemons survive 0 available space etc. etc.

By opening an option to upload data somewhere for anyone, you put yourself on
very dangerous ground indeed. IMHO!
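
The disk-exhaustion concern raised in this message can be checked on a host before any upload path is exposed. The following is an added example, not part of the original message or of Fossil itself: it reports whether a directory that accepts uploaded data shares a filesystem with critical directories such as /var/log, and whether free space is already low. The function names, the 10% threshold and the `/fossil` path layout are assumptions.

```python
import os
import shutil


def same_filesystem(path_a, path_b):
    """True when both paths live on the same device (st_dev match)."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev


def free_fraction(path):
    """Fraction of the filesystem holding `path` that is still free."""
    usage = shutil.disk_usage(path)
    return usage.free / usage.total if usage.total else 0.0


def audit_upload_volume(upload_dir, critical_dirs, min_free=0.10):
    """Return findings for a directory that accepts uploaded data.

    ("shared_volume", d): filling upload_dir also fills critical dir d.
    ("low_space", upload_dir): free space is already under min_free.
    Limitation: st_dev can differ for btrfs subvolumes that share one pool,
    so a missing "shared_volume" finding is not proof of isolation there.
    """
    findings = []
    for d in critical_dirs:
        if same_filesystem(upload_dir, d):
            findings.append(("shared_volume", d))
    if free_fraction(upload_dir) < min_free:
        findings.append(("low_space", upload_dir))
    return findings


if __name__ == "__main__":
    # Assumed layout taken from the message: repository data under /fossil,
    # system logs under /var/log. Adjust to the real paths on the host.
    repo_dir, log_dir = "/fossil", "/var/log"
    if os.path.isdir(repo_dir) and os.path.isdir(log_dir):
        for kind, path in audit_upload_volume(repo_dir, [log_dir]):
            print(f"{kind}: {path}")
    else:
        print("adjust repo_dir/log_dir to directories that exist on this host")
```

A `shared_volume` finding means the repository data should move to its own partition or be placed under a quota before untrusted uploads are accepted.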