[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RSS-DEV] ANN: RSS 'ping' interface at fyuze.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"justin klubnik" <pseudonym@mindspring.com> writes:
<snip/>
> http://fyuze.com/api/cgi/?op=ping&url=http://slashdot.org/slashdot.rdf
>
> Simply substitute the URL of your RSS feed. If fyuze has never seen your
> feed before it will fetch it, and if its valid, add it to its list, submit
> it for categorization in the directory, and index it. If the feed has
> pinged before, it will simply fetch and index it. It will only allow each
> feed to be fetched once every five minutes. (to prevent abuse)
<snip/>
You need to be very careful with the security issues here. You could really
open yourself (and anyone on the Internet) to a DoS attack. Specifically the
GET is only about 100 bytes but the slashdot.rdf file is pretty large (>100k)
and the indexing would take some CPU.
I would recommend adding a mandatory throttle. Say a max of 1 ping index every
5 minutes. Did you already do this?
If you didn't anyone on the Internet could ping any of your feeds and kill your
server.
Kevin
- --
Kevin A. Burton ( burton@apache.org, burton@openprivacy.org, burton@peerfear.org )
Location - San Francisco, CA, Cell - 415.595.9965
Jabber - burtonator@jabber.org, Web - http://www.peerfear.org/
GPG fingerprint: 4D20 40A0 C734 307E C7B4 DCAA 0303 3AC5 BD9D 7C4D
IRC - openprojects.net #infoanarchy | #p2p-hackers | #reptile
Nearly all men can stand adversity, but if you want to test a man's
character, give him power. - Abraham Lincoln
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Get my public key at: http://relativity.yi.org/pgpkey.txt
iD8DBQE9Iq2gAwM6xb2dfE0RAjKMAKDOw8fy98Aca6hZHT+yy8/Iqx1J/QCcDH61
Q8uFW8jkSiPvd3ZZUHcbMVA=
=Hyr7
-----END PGP SIGNATURE-----