[open-ils-commits] [GIT] Evergreen ILS branch rel_2_1 updated. 4ded23ab61ad4611eec9cdd591d48544ec2c9cc1

Evergreen Git git at git.evergreen-ils.org
Mon Jun 20 14:02:03 EDT 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_1 has been updated
       via  4ded23ab61ad4611eec9cdd591d48544ec2c9cc1 (commit)
      from  acd548c42804803742e3c5b0cbf80700391d5bb2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4ded23ab61ad4611eec9cdd591d48544ec2c9cc1
Author: Dan Scott <dan at coffeecode.net>
Date:   Fri Jun 17 12:30:12 2011 -0400

    Set AC timeout value to 3 seconds and describe tradeoffs
    
    As discussed on the Evergreen Development mailing list, the higher the
    AC timeout value, the greater the risk of a denial of service. 30 is
    therefore too high to be comfortable as a default setting, so we're
    dropping it down to 3 as a compromise between the original value of 1
    (which resulted in a number of requests timing out where added content
    was actually available) and the much-less-safe 30.
    
    In addition, we document inline the risk/reward of different values and
    provide some justification for the default value that we chose, so that
    Evergreen system administrators will have guidance when tweaking this
    setting.
    
    Signed-off-by: Dan Scott <dscott at laurentian.ca>
    Signed-off-by: Mike Rylander <mrylander at gmail.com>

diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index e41f477..0b16511 100644
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -279,16 +279,28 @@ vim:et:ts=4:sw=4:
 
 
         <added_content>
-
             <!-- load the OpenLibrary added content module -->
             <module>OpenILS::WWW::AddedContent::OpenLibrary</module>
 
             <!--
             Max number of seconds to wait for an added content request to 
             return data.  Data not returned within the timeout is considered
-            a failure
+            a failure.
+
+            Note that the pool of Apache processes used by the AddedContent
+            module is the same pool used by core Evergreen processes such as
+            search, circulation, etc. Therefore, the higher you set this
+            timeout value, the more likely you are to run out of available
+            Apache processes resulting in an accidental (or purposeful) denial
+            of service - particularly if the added content server starts
+            responding abnormally slowly.
+
+            The safest option is to disable the AddedContent module completely,
+            but 3 seconds is a compromise between the threat of a denial of
+            service and the enhanced user experience offered by successful added
+            content requests.
             -->
-            <timeout>30</timeout>
+            <timeout>3</timeout>
 
             <!--
             After added content lookups have been disabled due to too many
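Review bot: The new comment above `<timeout>3</timeout>` documents only the risk of a high value and leaves out the cost of a low one. The commit message notes that the original value of 1 caused requests to time out where added content was actually available. That belongs in the inline comment too, so an administrator lowering the value to reduce denial-of-service exposure knows what they give up. The sentence "The safest option is to disable the AddedContent module completely" also does not say how to do that in this file; a short pointer would make the advice actionable, for example which element inside `<added_content>` to remove or comment out. Finally, since the text says the Apache pool is shared with search and circulation, it would help to state that each stalled added content request can hold one of those processes for up to the timeout, so the value should be sized against the configured number of Apache processes rather than chosen in isolation.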

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/examples/opensrf.xml.example |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

