On Thu, Apr 21, 2011 at 11:56 AM, Tommi Virtanen <tommi.virtanen@xxxxxxxxxxxxx> wrote: > I also think that Ceph, and especially the RGW bits, needs to be > written to be fairly robust against DoS attacks. Nasty things happen > out there, and having somebody able to trigger a "slow mode" on your > server with fairly cheap operations is bad. Yeah. > Here's a concrete proposal: split the filename into subdirs if needed, > and map the names 1:1, just to avoid the unpredictability of the above > approach. And to get significantly less code and branching in the fast > path. That is, I think I'd go for something like (Python written in C > style to make it more direct to translate): I like this idea a lot. It does involve extra expense, but only for long file names. It also avoids object name collisions completely. One additional idea: can we make the chunking configurable? If we did a translation like this: abcdefg -> abc/def/g 123456789 -> 123/456/789 prefix search would become a *lot* more efficient for rgw. On the other hand, the filesystem layer doesn't care about prefix search, so it could just configure the chunking to be after 200 characters or something (at which point it's basically a no-op.) cheers, Colin -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
