Bug 840907
Summary: | qpidd connection counting algorithm not strictly counting not-negotiated connections. | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Frantisek Reznicek <freznice> |
Component: | qpid-cpp | Assignee: | messaging-bugs <messaging-bugs> |
Status: | CLOSED WONTFIX | QA Contact: | MRG Quality Engineering <mrgqe-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | Development | CC: | astitcher, esammons, iboverma, jross |
Target Milestone: | 2.2 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-07-23 15:01:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frantisek Reznicek
2012-07-17 14:47:47 UTC
My view here is that the lifecycle of the Connection object is wrong: Really it should start as soon as the connection is accepted and note that it is in an "UNNEGOTIATED/UNAUTHENTICATED" state. Then when it has finished the protocal negotaion/user authentication it should change states appropriately until it is in the "WORKING" state. This working state would correspond to the current lifecycle of the object. [The actual names of states were made up and are probably not the best, probably there would be other states too] The we should apply the limits to Connection creation in the new lifecycle which would help rather better with DoS situations. Also it is not clear to me that the max-connections setting is the most useful thing (except for backwards configuration compatibility). Now that we have more granular settings it may not be so useful. Perhaps a maximum unauthenticated connections would be more useful - we'd have to put anonymous connections inthere somewhere too. |