RE: webEPICS

[Hinko Kocevar via Tech-talk <tech-talk@aps.anl.gov>]

Hi Andrew,

 

On 2019-01-21 18:10:15+01:00 tech-talk-bounces@aps.anl.gov wrote:

Hi Hinko,

> plotting available.
If there was a server-side data cache in the original it was probably
there to prevent a DoS attack from outside reaching into the control

If I understood the code correctly, webEPICS was taking the OPI/BOB files, generating the HTML/JS and cache the results so that it did not have to convert the OPI to HTML for every request.
 

system network in the event that someone were to send a large number of
requests to the web-server all at once. For your status page, does each
web-client result in a separate pyepics process being started (or cause
a new set of CA-searches or CA-gets to be triggered)? Hopefully you have
some kind of rate limit in place to prevent DoS attacks...

I'm not that familiar with all the underlying mechanism regarding the CA protocol and what happens when a new client appears. Thanks for pointing it out, I need some investigating to do!

DoS - good point. We will need to make it more resilient to such attacks, because I see many script kiddies trying to perform their kung-fu against the server. And there are no rate limiters or similar in place, not at the moment.


Thanks,
Hinko
 

- Andrew

-- 
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of
speech because I have nothing to say." -- Edward Snowdon