Thanks for clarifying. And I take a glance into gluon/widget.py, main.py and rocket.py to confirm there is some timeout=10. So from the design aspect, I'd better avoid expecting a long-run request to finish my app's time-consuming maintenance job.
On the other hand, I confirmed that, with latest trunk, running Windows XP, my maintenance request did last for more than 10 seconds, magically. Does it indicate the DoS-resistant timeout fuse somehow fail? Do you think it is ok or unacceptable? My maintenance job's log: WARNING:root:job.id=33, elapsed=18.8129999638 s Another evidence in web2py/httpserver.log 127.0.0.1, 2010-07-03 21:49:20, GET, /myapp/default/longrun, HTTP/ 1.1, 200, 21.750000 Regard, Iceberg On Jul3, 8:31pm, mdipierro <mdipie...@cs.depaul.edu> wrote: > The web server threads MUST have a timeout (the shorter the better) > else they are vulnerable to denial of service attacks. > > On 3 Lug, 06:23, Iceberg <iceb...@21cn.com> wrote: > > > > > Hi Candid and everyone, > > > Candid mentioned "rocket should close the connections if request is > > taking longer than 10 seconds (default timeout)" in here [1]. Would > > somebody clarify, is that true? > > > My concern is that, one of my old app need some periodical maintenance > > job which could take dozes of seconds to finish. I knew the normal > > solution is run another daemon for that, but, for simplicity reasons, > > I still chose to use web2py 's builtin cron feature to > > visithttp://localhost:8000/myapp/default/maintenanceeveryhour. This trick > > worked well on my windows XP development laptop. I don't know whether > > situation is changed since then. > > > [1]http://groups.google.com/group/web2py/msg/0416ed025f3e33f8 > > > Regards, > > Iceberg
