[
https://issues.apache.org/jira/browse/JENA-218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Dutton updated JENA-218:
----------------------------------
Description:
A query endpoint might want to have different timeouts depending on whether
queries are from untrusted or trusted users, or maintenance processes. The
timeout could be passed with an X- header, a Timeout header as per
http://tools.ietf.org/html/draft-loreto-http-timeout-00, or a query parameter,
respecting the system default if none is provided. The query parameter might be
less favourable as it'd be harder to filter out for Fuseki instances behind
Apache.
There is a risk that changing the behaviour to allow timeouts to be overridden
will lead to DoSs of query endpoints open to the world to some extent. This can
be mitigated by defaulting to disallowing timeout overrides.
I'm happy to put a patch together and document it at
http://incubator.apache.org/jena/documentation/serving_data/.
was:
A query endpoint might want to have different timeouts depending on whether
queries are from untrusted or trusted users, or maintenance processes. The
timeout could be passed with an X- header, a Timeout header as per
http://tools.ietf.org/html/draft-loreto-http-timeout-00, or a query parameter,
respecting the system default if none is provided. The query parameter might be
less favourable as it'd be harder to filter out for Fuseki instances behind
Apache.
There is a risk that changing the behaviour to allow timeouts to be overridden
will lead to DoSs of query endpoints open to the world to some extent. This can
be mitigated by defaulting to disallowing timeout overrides.
I'm happy to put a patchdocu together and document it at
http://incubator.apache.org/jena/documentation/serving_data/.
> Fuseki should allow timeouts to be specified on a per-request basis
> -------------------------------------------------------------------
>
> Key: JENA-218
> URL: https://issues.apache.org/jira/browse/JENA-218
> Project: Apache Jena
> Issue Type: Improvement
> Components: Fuseki
> Affects Versions: Fuseki 0.2.1
> Reporter: Alexander Dutton
> Labels: needsdocumentation, timeout
>
> A query endpoint might want to have different timeouts depending on whether
> queries are from untrusted or trusted users, or maintenance processes. The
> timeout could be passed with an X- header, a Timeout header as per
> http://tools.ietf.org/html/draft-loreto-http-timeout-00, or a query
> parameter, respecting the system default if none is provided. The query
> parameter might be less favourable as it'd be harder to filter out for Fuseki
> instances behind Apache.
> There is a risk that changing the behaviour to allow timeouts to be
> overridden will lead to DoSs of query endpoints open to the world to some
> extent. This can be mitigated by defaulting to disallowing timeout overrides.
> I'm happy to put a patch together and document it at
> http://incubator.apache.org/jena/documentation/serving_data/.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
