On Tue, May 25, 2010 at 8:59 PM, (David) Ming Xia <david.ming....@ibol.biz> wrote:
> Thank you very much Dave for your response.
>
> You are right. Only the text/html content is mapped to URI
> /roller-ui/rendering/page and caught by PageServlet and invoked JPA named
> query for weblog. All the resource files are mapped to URI
> '/roller-ui/rendering/resources'. Roller is very complicated, indeed.
>
> Now I would like to ask one more question. Now we know, for each query to
> a weblog page, there is going to be one named JPA query, or a database select
> query. What if someone launches an attack on weblog pages on a Roller site?
> While registration page and login page can be protected with captcha, weblog
> pages have to withstand whatever it is. Now the bottleneck of Roller will be
> the database server. Roller should be easily scaled up by different
> means such as clustering.
>
> What do you think we should do to protect Roller against an attack
> described above? Do you think it should be better if we use cache for
> last-modified?

Yes, caching last-modified for each weblog could help here -- you could do this via relatively small changes to the PageServlet and I'd recommend FeedServlet too.

- Dave
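
Added example, not part of the original message and not Roller code: a sketch of the per-weblog last-modified caching suggested above, written in plain Java so it runs without a servlet container. The class name `LastModifiedCache`, the loader standing in for the JPA named query, the 60-second TTL, and the sample handle and timestamp are all assumptions.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.ToLongFunction;

/** Hypothetical helper, not a Roller class: per-weblog last-modified cache with a TTL. */
public class LastModifiedCache {
    private record Entry(long lastModified, long expiresAt) {}

    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final ToLongFunction<String> loader; // stands in for the JPA named query
    private final long ttlMillis;

    public LastModifiedCache(ToLongFunction<String> loader, long ttlMillis) {
        this.loader = loader;
        this.ttlMillis = ttlMillis;
    }

    /** Returns the weblog's last-modified time, hitting the database at most once per TTL. */
    public long lastModified(String handle, long now) {
        // compute() is atomic per key, so a burst of requests triggers a single reload.
        Entry e = entries.compute(handle, (h, old) ->
            (old != null && old.expiresAt() > now)
                ? old
                : new Entry(loader.applyAsLong(h), now + ttlMillis));
        return e.lastModified();
    }

    /** True when the servlet can answer 304 Not Modified for this If-Modified-Since value. */
    public boolean notModified(String handle, long ifModifiedSince, long now) {
        // HTTP dates have one-second resolution, so compare whole seconds.
        return ifModifiedSince >= 0 && lastModified(handle, now) / 1000 <= ifModifiedSince / 1000;
    }

    /** Call when an entry or comment is saved so readers see the change immediately. */
    public void invalidate(String handle) { entries.remove(handle); }

    public static void main(String[] args) {
        AtomicInteger dbQueries = new AtomicInteger();
        long published = 1_274_800_000_000L; // constructed timestamp
        LastModifiedCache cache = new LastModifiedCache(
            h -> { dbQueries.incrementAndGet(); return published; }, 60_000);
        long now = published + 5_000;
        int hits = 0;
        for (int i = 0; i < 10_000; i++) { // simulated burst of conditional GETs
            if (cache.notModified("demo", published, now + i)) hits++;
        }
        System.out.println("304 responses: " + hits + ", database queries: " + dbQueries.get());
    }
}
```

In a servlet, the `ifModifiedSince` argument would come from `HttpServletRequest.getDateHeader("If-Modified-Since")`, which returns -1 when the header is absent. Populate the cache only for handles that resolve to a real weblog, or cap its size, so requests for made-up handles cannot grow the map without bound.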