I want to limit message per second for users, for example, each user can send 3 messages per second, but I couldn't find a configuration setting to do that.
Is this possible and how?
As Dunedan mentioned, there is shaper that measures traffic in bytes/second: https://docs.ejabberd.im/admin/configuration/#shapers
And the oly other related option I can think is for MUC rooms: min_message_interval https://docs.ejabberd.im/admin/configuration/#mod-muc
Related
I am working on a little package using PHP and MySQL to handle entries for events. After completing an entry form the user will see all his details on a page called something like website.com/entrycomplete.php?entry_id=15 where the entry_id is a sequential number. Obviously it will be laughably easy for a nosey person to change the entry_id number and look at other people's entries.
Is there a simple way of camouflaging the entry_id? Obviously I'm not looking to secure the Bank of England so something simple and easy will do the job. I thought of using MD5 but that produces quite a long string so perhaps there is something better.
Security through obscurity is no security at all.
Even if the id's are random, that doesn't prevent a user from requesting a few thousand random id's until they find one that matches an entry that exists in your database.
Instead, you need to secure the access privileges of users, and disallow them from viewing data they shouldn't be allowed to view.
Then it won't matter if the id's are sequential.
If the users do have some form of authentication/login, use that to determine if they are allowed to see a particular entry id.
If not, instead of using a url parameter for the id, store it in and read it from a cookie. And be aware that this is still not secure. An additional step you could take (short of requiring user authentication) is to cryptographically sign the cookie.
A better way to implement this is to show only the records that belong to that user. Say the id is the unique identifier for each user. Now store both entry_id and id in your table (say table name is entries).
Now when the user requests for record, add another condition in the mysql query like this
select * from entries where entry_id=5 and id=30;
So if entry_id 5 does not belong to this user, it will not have any result at all.
Coming towards restricting the user to not change his own id, you can implement jwt tokens. You can give a token on login and add it to every call. You can then decrypt the token in the back end and get the user's actual id out of it.
Let's say that I have a website and I want to know all the users that logged in during a certain time interval.
Would it be a good idea to create a new table in the database for this purpose and add a new entry whenever a users logs in?
The table would contain 2 columns: the id of the user and the login date.
My main concern is that the number of entries from the table will become extremely large.
Can this be considered a good idea? Do you know if this method is being applied for other websites?
Thanks in advance!
The number of records in a table can be controlled via external script, which is put on cron/scheduler. If it becomes too big, old records can be removed
if it is not possible, as a workaround there could be a check of the number of records on each insert
just do not forget to set an index on the date field...
Yes, you can create a table that logs all the login time of each user. If there are millions of users you might want to store the recent login time instead. If space is not a problem then it will be good to store the login time each time a user is authenticated or authorized. Like this you can archive the data in this table periodically.
The general answer to this question is 'depends'.
You can:
Add user to the table on login. You hit the disk for each user, so be careful with a big amount of users.
You store a bunch of users in memory and write all the group at a certain size or time. This way you hit the disk fewer times.
Depending on how many users you expect you can think of a no-SQL solution.
Depending on your system, I advise the 2nd o 3rd approach
Read this for more info: Fast write performance, even if reads are very slow
How Many user accounts am i able to create in MySQL?
I am not asking the number of concurrent connections, neither the number of connections per user, i am only trying to find aout how many different user accounts is MySQL able to register.
MySQL stores its user credentials in a database table, so it's limited by whatever obscene number of rows a MySQL table can hold. These are typically limited by disk space rather than any particular hard limit.
User accounts management is implemented by using mysql.user table. Moreover you can create account directly by creating appropriate record in this table. So probably I'll be not very far from the truth when I say that number of user accounts is limited by number of records you can put to this table.
I have a list of jobs for multiple users stored in a MySQL table. I'm currently planning to do the following in the client app:
Ask MySQL server for jobs that are not allocated to anybody.
Mark the first job allocated to myself.
But the problem is, if 2 users somehow get the same list of "unallocated" jobs, they will both mark the same job as allocated. So how to manage such a situation, and ensure that each user gets only a unique unallocated job?
I'm trying to avoid using stored procs since I want all code within the app if possible.
Sorry, the way you like it, you will need a trigger to avoid sending the same list, allocating at the moment of quering. Or you can blind accept and allocating at the moment of quering...
Someting like this:
Update jobs set allocatedto=myid where status=notallocated limit 1
select * from jobs where status=allocated and allocatedto=myid limit 1;
select * from jobs where status=not allocated;
I am using GE2011.11. Previously, I was using Torque/Maui. In Maui, there is a concept of partition with the help of which we can logically divide the cluster. A node can't belong to more than one partition.
In GE, I am thinking of host groups to achieve this but a node(host) can belong to more than one host group this is what is undesirable. Any idea, how can we achieve partitioning with host groups?
In GE, there is a feature called multi-clustering. Can we use this feature to implement partitioning? Any idea, how do we use this?
With SGE you can modify the host groups manually so that a host(node) only exists in a single host group. You can then create queues that only use a single host group. The users would then submit jobs to the specific queues(which themselves can be limited by users) to access specific host groups. This would effectively divide your grid.
The basic things to look out for when performing this setup relates to the all.q queue and the #allhosts hosts group. If you remove all hosts from the #allhosts group you should be okay to do this.
Let me know if you have further questions, I would be happy to help as I have been administering an SGE cluster for years now.
Since the administrator defines the membership of hostgroups just define the groups so as not to overlap. If you want to control which users can run on which partition you can do this by defining grid engine acls/usersets for each group of users and using the enhanced queue configuration syntax to associate a different list with each hostgroup in the queue definitions.
user_lists chemists,[#physicshosts=physicists],[#biologyhosts=biologists]
If what you are trying to do is ensure a given job runs on one set of hosts or the other but not a mixture then you need to define multiple identical parallel environments and use a similar trick to associate each PE with a different hostgroup.
pe_list mpich-A,[#switchb=mpich-B],[#switchc=mpich-C]
Users then request a wildcard PE when submitting their job:
#$ -pe mpich-* 8