[open-ils-commits] [GIT] Evergreen ILS branch master updated. 804ce3723c05cb44da0dc8fceef68138b709cf13

Evergreen Git git at git.evergreen-ils.org
Mon Jun 20 14:01:53 EDT 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  804ce3723c05cb44da0dc8fceef68138b709cf13 (commit)
      from  b066d2c3b129e8d0738a061e23200d8311d251bf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 804ce3723c05cb44da0dc8fceef68138b709cf13
Author: Dan Scott <dan at coffeecode.net>
Date:   Fri Jun 17 12:30:12 2011 -0400

    Set AC timeout value to 3 seconds and describe tradeoffs
    
    As discussed on the Evergreen Development mailing list, the higher the
    AC timeout value, the greater the risk of a denial of service. 30 is
    therefore too high to be comfortable as a default setting, so we're
    dropping it down to 3 as a compromise between the original value of 1
    (which resulted in a number of requests timing out where added content
    was actually available) and the much-less-safe 30.
    
    In addition, we document inline the risk/reward of different values and
    provide some justification for the default value that we chose, so that
    Evergreen system administrators will have guidance when tweaking this
    setting.
    
    Signed-off-by: Dan Scott <dscott at laurentian.ca>
    Signed-off-by: Mike Rylander <mrylander at gmail.com>

diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index e41f477..0b16511 100644
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -279,16 +279,28 @@ vim:et:ts=4:sw=4:
 
 
         <added_content>
-
             <!-- load the OpenLibrary added content module -->
             <module>OpenILS::WWW::AddedContent::OpenLibrary</module>
 
             <!--
             Max number of seconds to wait for an added content request to 
             return data.  Data not returned within the timeout is considered
-            a failure
+            a failure.
+
+            Note that the pool of Apache processes used by the AddedContent
+            module is the same pool used by core Evergreen processes such as
+            search, circulation, etc. Therefore, the higher you set this
+            timeout value, the more likely you are to run out of available
+            Apache processes resulting in an accidental (or purposeful) denial
+            of service - particularly if the added content server starts
+            responding abnormally slowly.
+
+            The safest option is to disable the AddedContent module completely,
+            but 3 seconds is a compromise between the threat of a denial of
+            service and the enhanced user experience offered by successful added
+            content requests.
             -->
-            <timeout>30</timeout>
+            <timeout>3</timeout>
 
             <!--
             After added content lookups have been disabled due to too many
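Review bot: The added sentence "The safest option is to disable the AddedContent module completely" recommends disabling but does not say how to do that in this file, so an administrator who wants the safest option has nothing to act on. Add a sentence naming the element to remove or comment out. The paragraph about the shared Apache process pool would also be more useful if it told administrators to weigh the timeout against the number of Apache processes they have configured, since the comment ties the risk to running out of those processes but gives guidance only for the timeout. The blank line dropped after `<added_content>` is an unrelated whitespace change and could be left out of this patch.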

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/examples/opensrf.xml.example |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

