Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: Collect performance metrics #9

Open
kristovatlas opened this issue Feb 7, 2024 · 0 comments
Open

Proposal: Collect performance metrics #9

kristovatlas opened this issue Feb 7, 2024 · 0 comments
Labels
enhancement New feature or request security

Comments

@kristovatlas
Copy link
Collaborator

Description

We assume by standard operating that the JSON-RPC interface will sit behind load-management services such as load balancers, DDoS protection services, etc. However, there may be some operations in this service that are so resource expensive they continue to pose a DoS vector, especially when load management software is unaware of application-level context. (For example, a common web DoS technique is the "WordPress XMLRPC flood", which targets certain expensive operations in WordPress.)

By collecting some stats on the load of various operations accessible through the JSON-RPC interface on "typical" hardware specs, we can highlight any obvious vectors for DoS that may require special security controls such as application-level rate limiting.

@kristovatlas kristovatlas added security enhancement New feature or request labels Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request security
Projects
Status: Backlog
Development

No branches or pull requests

1 participant