-
Notifications
You must be signed in to change notification settings - Fork 649
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review limitations on API's #783
Comments
Claiming this issue |
Thank you @manikey123 for picking this up. May I request you spend an hour on this and #844 to research and document your proposed solution along with an estimate for each. |
From #781 Please do provide clarifications for the below points:
let me know your feedback |
IMO FC_ASSERT should be added, with a default value of 100, and the value should be configurable in the sense of #782 . |
bitshares-ui calls get_limit_orders, get_call_orders, get_settle_orders with limit = 300. See bitshares/bitshares-ui#1796 |
783 has 3 API's in scope. |
Starting with above development |
Assigned to @manikey123 for 3 hours per API. Added a Task List to the Description above. Also, added the |
updated code for review #1598 |
The purpose was to mitigate DoS. Every API call should not cause too much pressure on an API node. |
based on above notes, went through code and below are API that can be configured: get_withdraw_permissions_by_giver --> limit=101 lookup_witness_accounts --> limit=1000 list_assets --> limit=101 |
IMO |
Yes. Please proceed. Thank you for your efforts @manikey123 |
Perhaps we can make this configurable as well? bitshares-core/libraries/app/database_api.cpp Line 900 in 3eae654
|
And these:
|
Created new issue #1733 for above items. |
2 hours spent on updating PR comments |
Docs are needed to close this. |
Some API's have a
limit
parameter but don't check whether it's too big. Inspired by #781 (comment).Be careful since changes may break client applications.
CORE TEAM TASK LIST
get_limit_orders
get_call_orders
get_settle_orders
get_order_book
The text was updated successfully, but these errors were encountered: