terrorchid
Hi all,
I'm currently toying with an implementation that solely uses XMLRPC & AJAX. It's a small private mail system.
The mails use DW syntax, so it blends in with the rest of the site. Once a registered member has written a
mail, he can hit "preview" which sends the raw text to the XMLRPC interface and the rendered text is sent
back & displayed next to the raw text.
From a hacker's point of view, it's pretty easy to do a DoS attack this way: just flood the XMLRPC interface
with render requests.
Are there plans to explicitly include the badbehaviour plugin in XMLRPC? I see no other way in resolving this.
andi
Since XMLRPC is meant to be used by bots, using the badbehavior plugin might not be a good idea there. Adding some kind of flood control to the XMLRPC interface on the other hand might be.
But really the XMLRPC interface is not much different from the normal web interface. If someone can DOS you via XMLRPC he probably can do the same using the "normal" webinterface.
terrorchid
I see.
Just as a note, XMLRPC is a major step forward in using AJAX on a DW installation - it's very responsive, dead easy and the part I implemented uses a fraction of the bandwidth of the normal interface (no images & css loading).
I'll try to get the badbehaviour in there and see how it works out.
There are still a few quirks I need to fiddle around ... I'm currently using the classic javascript dirty "innerHTML" method to get layout done after an XMLRPC call. I don't see a solution on that front.