[OAI-implementers] Dangers of OAI
Simeon Warner
simeon at cs.cornell.edu
Thu Mar 22 17:41:10 EDT 2007
If someone follows the protocol you can throttle OAI requests using 503
responses (see:
http://www.openarchives.org/OAI/2.0/guidelines-repository.htm#FlowControl).
We use this at arXiv but hope to get rid of it soon as we change our
infrastructure to allow us to support OAI more efficiently. Answering OAI
requests should be quite cheap.
If someone doesn't follow the protocol then you are, as always, left
monitoring the logs and adding a rule to your firewall in extreme cases. I
don't think there will ever be any way around that.
Cheers,
Simeon
On Thu, 22 Mar 2007, Torsten Schaßan wrote:
> Dear all,
>
> today in my institution we had a long discussion about the implementation of
> an OAI interface and the possible dangers of OAI: how to prevent
> denial-of-service-like numbers of harvester requests?
>
> What experiences do you have with such things as OAI doesn't have any
> precaution to prevent something like this? Did you ever experience problems
> for your servers or are there any measures we could implement and which we
> have overlooked?
>
> Best, Torsten
>
>
> _______________________________________________
> OAI-implementers mailing list
> List information, archives, preferences and to unsubscribe:
> http://www.openarchives.org/mailman/listinfo/oai-implementers
>
More information about the OAI-implementers
mailing list