On Thursday, May 5, 2016, Russell Keith-Magee <[email protected]> wrote:
> I will admin that I haven’t been paying *close* attention to Andrew’s work > - I’m aware of the broad strokes, and I’ve skimmed some of the design > discussions, but I haven’t been keeping close tabs on things. From that > (admittedly weak) position, the only counterargument that I’ve heard are > performance concerns. > I haven't brought this up before, but security is something we should discuss pre-merge. What I'm mainly worried about is malicious clients intentionally trying to choke the channels layer. I guess the approaches for DoS attack would fall under these categories: 1. Try to generate large responses and read those response slowly. 2. Fire a large request, don't read the response. 3. Try to cause exceptions in various parts of the stack - if the worker never writes to the response channel, what will happen? There are always DoS vectors, but checking there aren't easy ones should be done. The main concern with channels is potential resource leak. I found accidentally some presentations that seem relevant to thus discussion. I recently watched some presentations about high availability at Braintree. There are two presentations available, one from 2013 by Paul Gross, where he explains their approach to HA, and one from 2015 by Lionel Barrow, explaining what changed. Both are very interesting and highly recommended. The 2013 presentation introduces one key piece to HA at braintree, called Broxy. Broxy basically serves HTTP the same way as Daphne - write requests to tedis, and wait for response again through Redis. The 2015 representation explains what changed. They removed Broxy because it turned out to be conceptually complex and fragile. It might be their implementation. But there is certain level of both complexity and possible fragility about the design. On the other hand their story pretty much verifies that the design does scale. All in all I'd feel a lot more confident if there were large production sites using the channels system, so that we shouldn't theorize on the excellence of the approach. Are there already production deployments out there? - Anssi -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CALMtK1FoOSiGr0w_3JP8UYE-_owqOnS59d%2BOjp8eTWt4Qh48SQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
