[Tilesathome] Render request issue?
Robert (Jamie) Munro
rjmunro at arjam.net
Wed Oct 10 12:08:59 BST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dirk-Lüder Kreie wrote:
> micha ruh schrieb:
>> Theres one user accepting thousands of render requests but never returning
>> one..
>> Maybe someone can stop that?
>
>> Micha
>
> The user has been contacted. Unfortunately the queue does not require
> authentication. Furthermore I'm against transferring passwords in a GET
> request
I don't think it should be a GET request. According to
http://www.w3.org/2001/tag/doc/whenToUseGet.html:
"POST is appropriate for ... applications where a user request has the
potential to change the state of the resource (or of related resources)."
That's why, if you press reload on a browser looking at a GET request,
it just re-sends the request and reloads the page. If you press it on a
POST, it gives a warning "...any action the form carried out will be
repeated...".
Taking something off a queue is changing the state of the resource IMHO.
Is there a good reason that it isn't a POST request?
> (it's bad enough it's plaintext in the POST request for upload).
T at H passwords are plaintext - we just have to live with that. If you
allocate them at random and don't use them with anything else, we'll be
fine.
In the mean time, can we block the bad user by IP address, even if this
causes collateral damage and knocks of some legitimate users? It's
totally breaking Tiles at Home.
Robert (Jamie) Munro
_______________________________________________
Tilesathome mailing list
Tilesathome at openstreetmap.org
http://lists.openstreetmap.org/cgi-bin/mailman/listinfo/tilesathome
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHDLLFz+aYVHdncI0RAoc5AJ9Ha6wwMb3BTTrPzV0IA1iXjw1MAACgpFXk
b3I1HSQ7hpDAz8q4iWGUw/4=
=PuFm
-----END PGP SIGNATURE-----
More information about the Tilesathome
mailing list