|
Grex > Coop11 > #51: Enabling CGI scripts for Grex users | |
|
| Author |
Message |
| 10 new of 59 responses total. |
remmers
|
|
response 50 of 59:
| 
Apr 5 17:08 UTC 1999 |
(ryan slipped in with response #48)
|
pfv
|
|
response 51 of 59:
|
Apr 5 17:20 UTC 1999 |
Actually, as I recall - there is some oddball-superweird method
of convincing httpd that a page/cgi or whatever is "password
protected", too - ala' Backtalk..
A brief discrip of that method would prolly be applicable here,
but I sure can't remember what I read, where and how.
|
prp
|
|
response 52 of 59:
|
Apr 5 17:30 UTC 1999 |
Whether or not they have an account on Grex seems quite irrelevant.
Anybody can get an account, and with out ANY identification, or at
least any non-fictional identification.
|
pfv
|
|
response 53 of 59:
|
Apr 5 17:37 UTC 1999 |
And, your point was?
|
remmers
|
|
response 54 of 59:
|
Apr 5 21:12 UTC 1999 |
Yes, you can password-protect webpages and CGI's. I won't attempt
to describe the method here.
Not sure I see the point in #52 either. My point was: If somebody
puts up a web page on Grex, and that web page has a CGI on it, and
the web page and CGI become really popular, such that 20,000 users
visit it every week, that could add up to a fair chunk of Grex's
CPU usage. At least with regular programs, the necessity to log in
to Grex first before running them puts some kind of control on how
much the programs get run. No such control exists with CGI programs.
I'm not saying we shouldn't allow user CGI's, or that the above
worst-case scenario is necessarily going to happen, but it's
conceivable that user CGI's could sustantially increase the load
on Grex.
|
ryan
|
|
response 55 of 59:
|
Apr 5 23:52 UTC 1999 |
This response has been erased.
|
prp
|
|
response 56 of 59:
|
Apr 6 03:47 UTC 1999 |
From 51: a normal program can be run only by someone who is logged in,
a CGI script can be run by anyone on the Internet.
Point of 52: A normal program can be run by anyone on the Internet.
The big difference is that a CGI script makes it easier, at least if it
is a good one. This may cause some system load, but that's good as long
as it doesn't cause too much load. I imagine that anyone who created a
page that got 20,000 hits/week would be very happy. And that's less than
two/minute.
|
arthurp
|
|
response 57 of 59:
|
Apr 6 13:56 UTC 1999 |
From 51: a normal program can be run by someone logged in,
a CGI can be run by anyone on the internet.
Point of 52: A normal program can be run by anyone on the internet if
and only if they have successfully contended for one of the 70 or so
login connections available on Grex.
Programs are throttled by limits on Grex. CGI's are not throttled. I
once made a webpage here that completely swamped Grex and it had no
CGIs. It received a couple hundred hits.
Say it would be really handy if I had a multi search engine whose
expression parsing and results display I could control. I'll make a
multi search engine in my home. I"ll only use it myself and tell a
couple friends. It won't use much of Grex's CPU. It won't swamp the
like or raise the load so high mail never gets delivered. I promise.
|
devnull
|
|
response 58 of 59:
|
Apr 11 04:36 UTC 1999 |
Enabling cgi scripts would be reasonable, if appropriate resource limiting
is done.
Basically, I suspect that with a sane limit on the number of hits per owning
account per day, and some sort of cpu time limit for processing each of those
hits (not elapsed time; time spent actually doing something on a CPU), you
probably would end up offering a useful service without it swamping the
machine.
(And I'm thinking 100 hits per day per user, and 10 seconds per process,
might be the right amount.)
On a 4 processor system, that means a user could use .289% of grex's cpu
time through CGI abuse.
Now, in practice, the problem we run into is taht the staff will have to
spend time setting this up, and dealing with the fact that every now and
then, people *will* write cgi code that causes problems. I think this
can be done, if staff time is available, and I doubt that it really is.
|
mdw
|
|
response 59 of 59:
|
Apr 13 05:52 UTC 1999 |
One of the things I don't like thinking about is a forkbomb cgi.
|