Labs/Joey/updateserver2
From MozillaWiki
Things to do:
- Address security around our WGET's. Does the princeton attack apply?
- What security concerns do you have?
- If we are to do DNS resolution to determine if the IP is ours or not, there is a chance that a smart attacker can trick DNS to return two different DNS IP's -- the first would be a valid one that isn't in our NAT, the second would be in our NAT space. this is the so-called princeton attack more or less. So, if we do plan to look at the IP's -- which is probably a good thing, we want to "pin" them so that we use the resolved IP as the actual IP that we use. So:
- What security concerns do you have?
1) resolved_ip = resolv_domain() 2) check to see if resolved_ip is safe 3) use wget (resolved_ip)
we may have to do more or less depending on what the local dns table does. I want to chat with a few others about this (dveditz in particular)
- I don't think this is still an issue with bug 393573 (details left out since the bug is private)
- Address security around python spawn()
- Replace with subprocess. Depends on bug 393633
- Fix video transcoding (DONE)
- Fix picture transcoding (DONE)
- Fix RSS favicon hack (maybe)
- Figure out how the joey.py script gets started by the system
- Cron or manually. Why is this a concern? Once nagios is setup to monitor, we'll know when it's offline and we can ask IT to start it (however they feel is best). If you want it automatic, we'll just add it to a cron job..
- It isn't a concern -- it just needs to get done and documented. (DONE)
- Cron or manually. Why is this a concern? Once nagios is setup to monitor, we'll know when it's offline and we can ask IT to start it (however they feel is best). If you want it automatic, we'll just add it to a cron job..
- Add nagios to watch joey.py
- Define "watch" - just checking if the process is running? making sure the port is accepting connections?
- exactly. is this something that our IT basically does?
- They can set nagios to check whatever you like - you need to define what it should be checking. (I guess I'd suggest making sure the port was open and accepting connections)
- Define "watch" - just checking if the process is running? making sure the port is accepting connections?
- Increase memory usage of php in php.in to 500mb.
- Why?
- take a look at the file controller's view function. we basically load all of the file's content into one variable. then this variable is accessible from the view. This means that we bloat the crap out of php. I think a better approach would be to stream -- but I am not sure how to do this in the cakephp framework.
- Let's pass the filename (or a handle) to the view and look at the php stream functions
- Why?
