View Issue Details

IDProjectCategoryView StatusLast Update
0006756VALENTINA SERVERClientpublic2015-01-03 11:41
ReporterFabian EschrichAssigned ToIvan Smahin 
PrioritynormalSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version 
Target Version5.7Fixed in Version5.7 
Summary0006756: Only connections with successful login should be counted.
DescriptionSo its very easy to attack vserver by just starting 25 connections to it.
Server will wait for timeout of each connection and nobody else can login anymore.

We should have a smaller timeout or configuration option for connections that are not logged in.
Also these connections should not take a license until they are logged in.

Also we should keep an admin connection open (maybe server admin should not take a connection), else you have no chance to look into it
TagsNo tags attached.

Relationships

parent of 0006966 resolvedIvan Smahin Extra connection needed for admin only in case of all connections are in use. 

Activities

Ivan Smahin

Ivan Smahin

2014-01-31 09:51

manager   ~0007596

Could you send me your server ini file and few vserver logs?
Fabian Eschrich

Fabian Eschrich

2014-01-31 10:26

reporter  

vserver.ini (3,260 bytes)
Fabian Eschrich

Fabian Eschrich

2014-01-31 10:35

reporter  

vserver_20140130_163211.log (11,133 bytes)
Ivan Smahin

Ivan Smahin

2014-11-06 11:31

manager   ~0007962

; Specifies the CONNECTION timeout in seconds for a client.
; 0 - means no timeout.
MaxConnectionTimeout=20

This is exactly what you want. You will be waiting this timeout (in case of "connection limit reached") before vServer either checks once more for "available connections" (another client might be off during this timeout) or terminates your connection.
Ivan Smahin

Ivan Smahin

2014-11-06 11:33

manager   ~0007963

MaxConnectionTimeout=0 means - vServer does not wait and terminate the connection immediately.
Ivan Smahin

Ivan Smahin

2014-11-10 10:04

manager   ~0007966

About "server admin should not take a connection":
In this case you have unlimited connections in fact.

About "licensed connections + one more admin":
There is no difference with current licensing policy (just one more connection and you are not able to log in after that).

"...else you have no chance to look into it"
What about SNMP service to look after vServer?
Fabian Eschrich

Fabian Eschrich

2014-11-10 10:16

reporter   ~0007967

With admin connection I meant the administration features in valentina studio.
Normally a user would be able to see who is connected and kill inactive connections. But this does not work if all connections are in use.
So my idea was, that these features should maybe not eat a license.

This means the Server admin area of vstudio could really help admins to manage connections, database, projects, see the logs etc. This will be very useful in case of problems.

The other way at the moment is always shutting down the server
Ivan Smahin

Ivan Smahin

2014-11-10 11:09

manager   ~0007968

Ok, it will be done this way:

Assume there is license for 5 connections. There is one more (extra) connection available for admin only in case of all connections are in use. So you have 5 connections for anybody + extra one for admin only.
Fabian Eschrich

Fabian Eschrich

2014-11-10 11:30

reporter   ~0007969

sound good. this connection could also be restricted to only do server administration but no database operations

Issue History

Date Modified Username Field Change
2014-01-30 13:51 Fabian Eschrich New Issue
2014-01-31 09:51 Ivan Smahin Note Added: 0007596
2014-01-31 10:26 Fabian Eschrich File Added: vserver.ini
2014-01-31 10:35 Fabian Eschrich File Added: vserver_20140130_163211.log
2014-02-14 10:40 Ruslan Zasukhin Target Version => 7.0
2014-08-05 11:32 Ruslan Zasukhin Target Version 7.0 => TODO_BUGS
2014-11-06 11:31 Ivan Smahin Note Added: 0007962
2014-11-06 11:33 Ivan Smahin Note Added: 0007963
2014-11-07 11:01 Ivan Smahin Target Version TODO_BUGS => 5.7
2014-11-10 10:04 Ivan Smahin Note Added: 0007966
2014-11-10 10:16 Fabian Eschrich Note Added: 0007967
2014-11-10 11:09 Ivan Smahin Note Added: 0007968
2014-11-10 11:30 Fabian Eschrich Note Added: 0007969
2014-11-10 14:52 Ivan Smahin Status new => resolved
2014-11-10 14:52 Ivan Smahin Fixed in Version => 5.7
2014-11-10 14:52 Ivan Smahin Resolution open => fixed
2014-11-10 14:52 Ivan Smahin Assigned To => Ivan Smahin
2014-11-10 15:07 Ivan Smahin Relationship added parent of 0006966
2015-01-03 11:41 Ruslan Zasukhin Summary Open connection without any login or activity is eating a connection license => Only connections with successful login should be counted.