Skip to content

Protect against DDOS and DOS (for registration)

There is a potential DOS / DDOS at registration time. This has been mentioned at !17 (comment 269521) , !6 (comment 246972)

The DOS/DDOS can happen because non-registered workers create locally tokens and submits them to the debusine server for registration. At this time the server creates a new entry in the DB (for the token and worker) even though the token is not enabled yet (debusine-admin needs to enable it). This flow is by design (see #4 (closed) ).

To be prioritised and discussed how to implement the protection.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information